FireBounty
176669 policies in database
Link to program      
2026-02-01
simpanpassword.my.id logo
Thank
Gift
HOF
Reward

simpanpassword.my.id

A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice. 

# Security Policy for IndVault Password Manager
# Last Updated: 2026-01-06
# Canonical: https://indvault.vercel.app/.well-known/security.txt

Contact: mailto:security@indvault.app
Expires: 2026-07-06T00:00:00.000Z
Preferred-Languages: id, en
Canonical: https://indvault.vercel.app/.well-known/security.txt

# About IndVault
# IndVault is a zero-knowledge password manager with client-side encryption.
# We take security seriously and appreciate responsible disclosure.

# Reporting Security Issues
# Please report security vulnerabilities to security@indvault.app
# We aim to respond within 48 hours and provide updates every 7 days.

# Scope
# In scope:
# - Client-side encryption implementation
# - Authentication mechanisms
# - Data storage security
# - Cross-site scripting (XSS)
# - Cross-site request forgery (CSRF)
# - Session management
# - Backup/restore functionality
# - Browser extension security

# Out of scope:
# - Third-party service vulnerabilities (Google, Microsoft, Dropbox)
# - Social engineering attacks
# - Physical access attacks
# - Denial of Service (DoS)

# Response Process
# 1. Submit report to security@indvault.app
# 2. We acknowledge receipt within 48 hours
# 3. We investigate and provide updates every 7 days
# 4. We work with you to understand and reproduce the issue
# 5. We develop and test a fix
# 6. We deploy the fix and notify you
# 7. We credit you in our security acknowledgments (if desired)

# Acknowledgments
# View our security acknowledgments at:
# https://indvault.vercel.app/SECURITY.md

# Policy
# For more details, see our full security policy:
# https://indvault.vercel.app/SECURITY.md

# Encryption
# IndVault uses:
# - AES-256-GCM for data encryption
# - PBKDF2 with 600,000 iterations for key derivation
# - Zero-knowledge architecture (we never see your master password)
# - Client-side encryption only

# Additional Resources
# Documentation: https://indvault.vercel.app/DOCUMENTATION.md
# Privacy Policy: https://indvault.vercel.app/PRIVACY-POLICY.md
# Terms of Service: https://indvault.vercel.app/TERMS-OF-SERVICE.md

This policy crawled by Onyphe on the 2026-02-01 is sorted as securitytxt.

FireBounty © 2015-2026

Legal notices | Privacy policy