No personal gain
Last updated: Feb 13, 2026
Fluid Attacks requires all talent to treat all client information, including vulnerability reports, with the utmost confidentiality and integrity, and to avoid any actions that could compromise the client's security or privacy. This includes refraining from using discovered vulnerabilities for unauthorized access, personal enrichment, or any other self-serving purposes.
Other confidentiality measures
Encryption in transit
Fluid Attacks ensures data security with TLSv1.3, HSTS, and 30-day certificate renewals, maintaining an SSL Labs A+ rating across all connections.
Personnel NDA
To ensure the security of client information, Fluid Attacks requires all new talent to sign a publicly available non-disclosure agreement (NDA).