Security Policy

While Simbiat Software and this website is, at the time of writing, a pet project, rather than business, security is important part of it with code written with security always in mind. While following good practices and security recommendations can help with making the website secure, some things can be missed. If you have encountered a [potential] security issue or vulnerability, we encourage you not to exploit it, but rather report it, so that it can be fixed.

The policy applies to all domains and subdomains of *.simbiat.dev as well as GitHub code.

No actions will be taken against reporters of the vulnerabilities identified.

To report potential vulnerability, please, use any of channels listed on Contacts page. Please, include as much details about the vulnerability as possible: screenshots, videos, steps to replicate and other artifacts can help greatly in locating and fixing the issue. If vulnerability is identified in code posted on GitHub you can submit an issue there for ease of tracking.

At the time this policy is active, reports are excepted only in English and Russian.

Confirmed vulnerabilities may be publicly disclosed after the fix with proper identification of original reporter(s) and permanent mentions on Technology page.

For security researchers we also provide security.txt file as per proposed standard. File is static except for expiration date, which takes midnight of last Monday of next month from the date of access.

Here are links to external websites, that can show evaluation of some security aspects of the website:

• SSL Labs
• Security Headers
• HSTS Preload