# Candor Host vulnerability disclosure — per RFC 9116. # Full policy: https://candorhost.com/security/ Contact: mailto:security@candorhost.com Contact: mailto:legal@candorhost.com Expires: 2027-07-08T23:59:59.000Z Preferred-Languages: en Canonical: https://candorhost.com/.well-known/security.txt Policy: https://candorhost.com/security/ # We do not currently operate a paid bug bounty program. # We will publicly credit researchers who report in good faith, # with permission, at https://candorhost.com/security/. # # Please give us a reasonable window to remediate before public disclosure. # See our safe-harbor terms at https://candorhost.com/security/.