# RFC 9116 — security.txt
# https://www.rfc-editor.org/rfc/rfc9116
#
# We honor coordinated disclosure. Please contact us before any
# public publication of a vulnerability against 4 Qubits surfaces.

Contact: mailto:security@4qubits.com
Expires: 2027-05-09T00:00:00.000Z
Preferred-Languages: en
Canonical: https://portal.4qubits.com/.well-known/security.txt
Policy: https://portal.4qubits.com/security
Acknowledgments: https://portal.4qubits.com/security#acknowledgments

# In scope:
#   *.4qubits.com (portal, app, trust, govern, www)
#   4 Qubits SDK packages (PyPI / npm / crates.io)
#   Air-gapped Vault verifier (single-binary distribution)
#
# Out of scope:
#   Third-party services (Cloudflare, Azure, Microsoft Entra)
#   SPF/DMARC misconfigurations not affecting auth
#   Social-engineering, denial of service, rate-limit testing