# Kubereum Private Limited — Security Policy
# RFC 9116: https://www.rfc-editor.org/rfc/rfc9116

Contact: mailto:security@kubereum.com
Contact: mailto:contact@kubereum.com
Expires: 2027-05-16T00:00:00.000Z
Preferred-Languages: en, hi
Canonical: https://kubereum.com/.well-known/security.txt
Policy: https://kubereum.com/security

# If you have discovered a security vulnerability in any Kubereum
# product, website, or service, please report it to the addresses
# above. We will acknowledge receipt within 72 hours and aim to
# respond with a status update within 7 business days.
#
# Please do NOT disclose the issue publicly until we have had a
# reasonable opportunity to investigate and remediate.
#
# Out of scope:
#   - Reports from automated scanners without proof of impact
#   - Social engineering / phishing reports against our employees
#   - Physical security issues
#   - Issues in third-party services we depend on (report to them)
#
# Hall of fame: we are happy to credit researchers (with consent)
# once a reported issue is resolved.