This is the AlphaChat IRC Network Security Disclosure Policy.
-
Security issues with our infrastructure (machines), including, but not limited to, compromised
user accounts, SSH credentials, TLS and VPN private keys, etc., should be reported to the
contact given in our security.txt file.
Your report will be read within 3 working days, and acted upon within 1 working day thereafter.
-
Security issues with our services (web server, webchat, Tor onion service, mail server, IRC
servers, etc.) should be reported to the contact given in our security.txt file.
Your report will be read within 3 working days, and acted upon within 3 working days thereafter.
-
Security issues with our software, including denial of service vulnerabilities, memory
corruption vulnerabilities, information disclosure vulnerabilities, etc., should be reported
to the contact given in our security.txt file.
Your report will be read within 3 working days, and acted upon within 14 working days thereafter.
When your issue is reported, you will receive a reply when it is read. This will start a 14-day
disclosure embargo. Please feel free to publicly disclose your research after this time, even if
the issue has not yet been fixed. You may also receive a reply before that time window confirming
that the issue has been fixed; this will lift the embargo, and you can consider yourself free to
publicly disclose your research at that time.
Please indicate in your report whether you would like to be credited, and how (e.g. name, e-mail
address, website address, company name, etc.). We will not credit any reports by default, for
privacy reasons.
Please use PGP e-mail encryption when reporting security vulnerabilities. The necessary key
is located here.