Contact: mailto:security@defendvista.com
Contact: https://defendvista.com/responsible-disclosure
Expires: 2027-06-17T00:00:00.000Z
Preferred-Languages: en
Canonical: https://defendvista.com/.well-known/security.txt
Policy: https://defendvista.com/responsible-disclosure

# DefendVista Coordinated Vulnerability Disclosure
#
# DefendVista is a UK cybersecurity consultancy. We welcome and
# appreciate responsible disclosure of security issues affecting
# defendvista.com or any DefendVista-operated service.
#
# How to report
#   Email security@defendvista.com with:
#     - A clear description of the issue
#     - Steps to reproduce (PoC where possible)
#     - The affected URL or endpoint
#     - Your contact details (so we can follow up)
#
# Our commitments to you
#   - We acknowledge new reports within 1 UK working day.
#   - We provide a triage decision within 5 UK working days.
#   - We keep you informed through remediation.
#   - We will not pursue legal action against good-faith researchers
#     who follow this policy (safe harbour).
#
# Scope
#   In scope:  defendvista.com, www.defendvista.com,
#              *.defendvista.com (Lovable-hosted assets),
#              notify.defendvista.com (email infrastructure).
#   Out of scope: third-party SaaS, marketing pages we do not
#                 control, social engineering of staff, physical
#                 attacks, denial-of-service testing.
#
# Please do not
#   - Access, modify or delete data that does not belong to you.
#   - Run automated scanners that generate significant load.
#   - Publicly disclose an issue before we have had a reasonable
#     chance to remediate.
#
# Full policy: https://defendvista.com/responsible-disclosure
#
# Thank you for helping keep operational businesses safer.