# Badger+ Security Policy
# Last Updated: 2025-08-05

# Security Contact
Contact: mailto:security@badger.plus
Expires: 2026-08-05T00:00:00.000Z

# Preferred Languages
Preferred-Languages: en

# Security Policy
Policy: https://badger.plus/security-policy

# Acknowledgments
Acknowledgments: https://badger.plus/security-acknowledgments

# Canonical
Canonical: https://badger.plus/.well-known/security.txt

# Bug Bounty Program
# We appreciate responsible disclosure of security vulnerabilities.
# Please email security@badger.plus with details.

# PGP Key (if available)
Encryption: https://badger.plus/pgp-key.txt

# Security Practices
# - All data encrypted in transit (TLS 1.3+)
# - Regular security audits
# - OWASP Top 10 compliance
# - Automated dependency scanning
# - Rate limiting on all endpoints
# - CSRF protection on state-changing operations
# - XSS prevention with DOMPurify
# - JWT authentication with secure key management