# Security Policy for jisaku.com
# RFC 9116 - https://www.rfc-editor.org/rfc/rfc9116.html

# Contact Information
Contact: mailto:security@jisaku.com
Contact: https://jisaku.com/contact

# Canonical URL
Canonical: https://jisaku.com/.well-known/security.txt

# Preferred Languages
Preferred-Languages: ja, en

# Expires
Expires: 2026-12-31T23:59:59Z

# Encryption
# Encryption: https://jisaku.com/.well-known/pgp-key.txt

# Acknowledgments
# Acknowledgments: https://jisaku.com/security/hall-of-fame

# Policy
Policy: https://jisaku.com/security/policy

# Hiring
# Hiring: https://jisaku.com/careers

# Additional Information
# This file is used to specify security-related information for researchers
# and users who wish to report security vulnerabilities or concerns.
#
# 自作.com (jisaku.com) - PC Builder & Tech Content Platform
# We take security seriously and appreciate responsible disclosure.
#
# Reporting Guidelines:
# - Please report any security vulnerabilities via the contact methods above
# - Include detailed information about the vulnerability
# - Allow reasonable time for us to address the issue before public disclosure
# - We do not have a bug bounty program at this time
#
# Scope:
# - Main website: https://jisaku.com
# - API endpoints: https://api.jisaku.com
# - Admin dashboard: https://admin.jisaku.com
#
# Out of Scope:
# - Third-party services (Cloudflare, Supabase, etc.)
# - Social engineering attacks
# - Physical security
#
# Response Time:
# - Initial acknowledgment: Within 48 hours
# - Status update: Within 7 days
# - Resolution target: Within 90 days (depending on severity)
#
# Last Updated: 2026-01-25