Contact: mailto:contact@backupsec.com Expires: 2027-03-12T00:00:00.000Z Preferred-Languages: en, tr Canonical: https://backupsec.com/.well-known/security.txt Policy: https://backupsec.com/.well-known/security.txt # BackupSec Security Disclosure We take the security of our website, distributed product artifacts, and customer-facing services seriously. If you believe you have identified a security vulnerability in BackupSec-controlled assets, we encourage responsible disclosure. ## Reporting Security Issues Please report security vulnerabilities to: contact@backupsec.com Subject line: "SECURITY DISCLOSURE" Include the following in your report: - Description of the vulnerability - Steps to reproduce the issue - Potential impact assessment - Any proof-of-concept code (if applicable) ## Scope In scope: - backupsec.com and subpaths we control - Distributed BackupSec product artifacts and installers - Customer portal and other BackupSec-operated web surfaces Out of scope unless reproducible in BackupSec-controlled code or assets: - Customer-specific on-prem deployments and local infrastructure - Third-party products, plugins, or cloud services - Misconfigurations in systems not operated by BackupSec ## What to Expect - We will acknowledge your report within 48 hours - We will provide regular updates on our progress - We will credit you in our security acknowledgments (if desired) - We will work with you to understand and resolve the issue ## Out of Scope The following are explicitly out of scope: - Denial of Service (DoS) attacks - Social engineering attacks against our employees - Physical security testing - Third-party applications or services not under our control - Automated bulk scanning that degrades service availability - Reports that contain only missing best-practice headers without a demonstrable security impact ## Safe Harbor We consider security research conducted in good faith and in accordance with this policy to be: - Authorized in accordance with applicable laws - Exempt from any restrictions in our Terms of Service that would interfere with such research - Exempt from potential legal action by BackupSec Thank you for helping keep BackupSec and our users safe!