We care about security. If you've found a vulnerability in Frugal, we want to hear about it. We welcome responsible disclosure and will work with you to understand and fix issues quickly.
If you follow these guidelines, we consider your research authorized:
Act in good faith
Only test systems in scope
Don't degrade or disrupt services
Don't publicly disclose before we've had a reasonable opportunity to fix the issue
If something goes wrong (it happens), stop and let us know right away.
Please Don't
Exfiltrate or access customer data
Run automated scanners that create excessive load
Attempt privilege escalation beyond proof of concept
Chain vulnerabilities for deeper exploitation
Use findings for anything other than reporting
Handling of Reports
All reports are logged and tracked through our vulnerability management process, prioritized based on risk and impact, and remediated according to our internal SLAs.
Disclosure
We follow a responsible disclosure approach: fix first, then disclose. We're happy to coordinate timing with you.
Questions?
Not sure if something is a vulnerability? Send it anyway or ask first. We'd rather see it than miss it.