# Security Policy for DirectNode
# This file follows RFC 9116 (https://www.rfc-editor.org/rfc/rfc9116.html)
# Also available at: https://directnode.on-forge.com/.well-known/security.txt

Contact: mailto:security@directnode.nl
Contact: mailto:contact@directnode.nl
Expires: 2026-12-31T23:59:59.000Z
Encryption: https://directnode.on-forge.com/.well-known/pgp-key.txt
Preferred-Languages: nl, en
Canonical: https://directnode.on-forge.com/.well-known/security.txt
Policy: https://directnode.on-forge.com/security-policy
Hiring: https://directnode.on-forge.com/werken-bij

# Acknowledgments
Acknowledgments: https://directnode.on-forge.com/security-acknowledgments

# Scope
# This security policy applies to all services and infrastructure operated by DirectNode
# including but not limited to:
# - directnode.on-forge.com
# - directnode.net
# - my.directnode.nl
# - All associated APIs and services

# Reporting Guidelines
# Please include:
# - Description of the vulnerability
# - Steps to reproduce
# - Potential impact
# - Suggested fix (if any)
# - Your contact information (optional, for acknowledgment)

# Response Time
# We aim to respond to security reports within 48 hours and provide updates
# on the status of the vulnerability within 7 days.

# Disclosure Policy
# We follow responsible disclosure practices. Please allow us reasonable time
# to address the vulnerability before public disclosure.