# Stackhero security is a priority (really!).
#
# We appreciate the efforts of security researchers in identifying vulnerabilities.
#
# Here is a non-exhaustive list of findings that are NOT included in our bug bounty program:
#   - Weak password policy
#   - Missing headers like "Permission-Policy" and "Content-Security-Policy"
#   - Password Reset token leaking to third-party sites
#   - Brute forces using rotating IPs
#   - Account duplication using "+" or "." characters
#   - Any kind of "DDoS" attack
#
# We look forward to your comprehensive and valuable submissions!
#
Contact: mailto:security@stackhero.io