# GovTok's Official Security.txt
# Because nothing says "fun website" like a standardized vulnerability disclosure file.

# 📬 Where to reach us
Contact: mailto:security@govtok.us
Contact: https://govtok.us/contact

# 🔐 Use this if you want to send us encrypted vulnerability details
Encryption: https://govtok.us/pgp-key.txt

# 🙌 Shoutouts to the folks who helped us squash bugs
Acknowledgments: https://govtok.us/thanks

# 📜 Our official security & disclosure policy
Policy: https://govtok.us/security

# 💼 Want to join the team? We are looking for volunteers
Hiring: https://govtok.us/get-involved

# 🧰 Machine-readable security advisories
CSAF: https://govtok.us/.well-known/csaf/provider-metadata.json

# 🌐 This file’s one true home
Canonical: https://govtok.us/.well-known/security.txt

# 🗣️ We speak human (English)
Preferred-Languages: en

# ⏳ This file expires on (refresh your cache after this date)
Expires: 2030-09-05T19:00:00.000Z


# Extra notes (unofficial but still true):
# - If you’ve found a bug, congrats: you’re now cooler than our QA team.
# - We promise not to shoot the messenger (responsible disclosure = responsible gratitude).
# - Bonus points if your bug report comes with memes or haikus.
# - Critical severity? Don’t panic — unless it’s Friday at 4:59 PM, then we might panic a little.
# - We do not accept vulnerability reports via carrier pigeon, smoke signals, or TikTok DMs.