# RFC 9116 — Soteryan BV vulnerability disclosure contacts
# Web: https://soteryan.com
# This file is served at /.well-known/security.txt
# Latest spec: https://www.rfc-editor.org/rfc/rfc9116

Contact: mailto:security@soteryan.com
Contact: https://soteryan.com/#contact
Expires: 2027-05-07T00:00:00.000Z
Preferred-Languages: en, nl, ru
Canonical: https://soteryan.com/.well-known/security.txt
Policy: https://soteryan.com/disclaimer.html#7-security-vulnerability-disclosure

# We welcome reports from good-faith security researchers.
# Please do not engage in:
#   - denial-of-service or volumetric testing
#   - social engineering of staff, clients, or partners
#   - testing that disrupts production environments
#   - access to data that is not yours
# We will not pursue legal action against researchers who comply with
# coordinated-disclosure principles and respect the boundaries above.
#
# In your report, please include:
#   - a clear technical description of the issue
#   - reproduction steps (or proof-of-concept)
#   - the impact you believe it has
#   - your handle / how you wish to be credited (optional)
#
# We aim to acknowledge new reports within 2 business days and to
# remediate within 30 days for high-severity issues, faster for
# critical issues. Status updates are sent to the reporter.