# Security.txt for Sipylus

Canonical: https://www.sipylus.com/.well-known/security.txt
Contact: mailto:security@sipylus.com
Preferred-Languages: en
Encryption: https://www.sipylus.com/.well-known/publickey.txt
Acknowledgments: https://cisols.com/sipylus/
Policy: https://www.sipylus.com/legal/security-policy/
Hiring: https://www.sipylus.com/services/employment/
Expires: 2026-01-01T00:00:00Z

# For the avoidance of doubt, we do not consider the following to be reportable issues:
#
# 1. Volumetric vulnerabilities (i.e., denial-of-service or overwhelming our
#    service with a high volume of requests)
#
# 2. SSH and SSH username enumeration
#
# 3. TLS configuration weaknesses (i.e., weak cipher suite support, TLS 1.0
#    support, etc.)
#
# 4. Use of outdated jQuery libraries
#
# 5. Email configuration issues (SPF, DKIM, DMARC)
#
# 6. Gaps in common best practices, such as missing security headers (CSP,
#    X-Frame-Options, X-Prevent-XSS, etc.)
#
# 7. Non-exploitable vulnerabilities