# RFC 9116 — vulnerability disclosure policy # TODO: replace contact + domain, sign this file with your PGP key, # and keep Expires < 1 year out (rotate it on a calendar reminder). Contact: mailto:security@example.com Expires: 2027-07-01T00:00:00.000Z Preferred-Languages: en Canonical: https://example.com/.well-known/security.txt Policy: https://example.com/security/