# ONOXSOFT — Coordinated Vulnerability Disclosure
# RFC 9116 compliant security.txt
#
# https://onoxsoft.com/.well-known/security.txt
# Last updated: 2026-05-13

Contact: mailto:security@onoxsoft.com
Contact: https://onoxsoft.com/security/report
Preferred-Languages: tr, en

Expires: 2027-05-13T00:00:00.000Z

Encryption: https://onoxsoft.com/.well-known/security-pgp.asc

Acknowledgments: https://onoxsoft.com/security/hall-of-fame
Policy: https://onoxsoft.com/security/disclosure-policy

# Bug bounty program (Phase 5+):
# - Critical (RCE, auth bypass, panel takeover): $500-$2000
# - High (privilege escalation, info disclosure): $250-$500
# - Medium (XSS, CSRF): $100-$250
# - Low (info leak, weak config): $50-$100
#
# Out of scope:
# - Self-XSS, social engineering, physical attacks
# - DoS / DDoS testing (production servers)
# - Subdomain takeover on unrelated *.com.tr domains
# - Test/staging environment issues
#
# You can test by creating an account: https://onoxsoft.com/security/test-account
# Please do not access customer data; work only in your own test account.
