# Per RFC 9116 — https://www.rfc-editor.org/rfc/rfc9116 # Update Expires before this date and re-sign / re-publish. Contact: mailto:security@chattriix.com Encryption: https://messenger.chattriix.com/.well-known/messenger-security.asc Preferred-Languages: en Canonical: https://messenger.chattriix.com/.well-known/security.txt Policy: https://messenger.chattriix.com/security Acknowledgments: https://messenger.chattriix.com/security/hall-of-fame Expires: 2027-12-31T23:59:59Z # V2 Phase 8 task 8.14 — full responsible-disclosure policy at the # Policy URL above. Highlights: # - 24h initial response (business days) # - 7-day triage decision # - 90 days to fix critical / 180 days lower # - Bounty: $100 (low) → $5000+ (critical) # # Encrypted reports preferred. PGP key file at the Encryption URL. # # We open-source the security-critical parts so reproductions are # practical: https://github.com/farazaliggit/messenger