# ============================================
# security.txt - YalotengoCR Registro
# RFC 9116 Compliant Security Contact Information
# https://registro.yalotengocr.com/.well-known/security.txt
# ============================================

# Security contact addresses (RFC 9116: listed in order of preference)
Contact: mailto:info@yalotengocr.com
Contact: https://yalotengocr.com
Contact: tel:+506-6315-7910

# Preferred languages for security reports
Preferred-Languages: es, en

# Canonical URL for this file
Canonical: https://registro.yalotengocr.com/.well-known/security.txt

# Expiration date (1 year from last update)
Expires: 2027-01-30T23:59:59.000Z

# Security policy
Policy: https://yalotengocr.com/security-policy

# Acknowledgments
Acknowledgments: https://yalotengocr.com/security-acknowledgments

# ============================================
# SECURITY REPORTING
# ============================================
# If you discover a security vulnerability in our registration portal,
# please report it to us responsibly. We appreciate your efforts to
# improve the security of our services.
#
# How to report:
# 1. Email: info@yalotengocr.com with the subject "SECURITY VULNERABILITY"
# 2. WhatsApp: +506 6315-7910 (mention that it is a security concern)
# 3. Provide detailed information about the vulnerability
# 4. Allow us reasonable time to respond and fix the issue
#
# We commit to:
# - Acknowledge receipt within 48 hours
# - Investigate and validate the report
# - Keep you informed of our progress
# - Credit you (if desired) after the fix is deployed
# - Not pursue legal action against good-faith security researchers
#
# Please DO NOT:
# - Publicly disclose the vulnerability before we have had time to fix it
# - Exploit the vulnerability for malicious purposes
# - Access or modify user data beyond what is necessary to demonstrate the issue
# - Perform DoS/DDoS attacks
# - Spam our services
#
# In scope:
# - SQL injection
# - XSS (Cross-Site Scripting)
# - CSRF (Cross-Site Request Forgery)
# - Authentication/authorization bypass
# - Sensitive data exposure
# - Server-side code execution
# - Insecure direct object references
# - Security misconfigurations
#
# Out of scope:
# - Social engineering attacks
# - Physical attacks against our facilities
# - DoS/DDoS attacks
# - Spam/phishing
# - Issues in third-party services we do not control
# - Already-known and reported issues
# - Issues requiring unlikely user interaction

# ============================================
# ENCRYPTION
# ============================================
# We support HTTPS/TLS for all communications
# HSTS is enabled with max-age=31536000 (one year)
# TLS 1.2+ required
# Strong cipher suites only
# Note: this file publishes no Encryption: field, so reports sent by
# email are protected in transit only, not end to end.

# ============================================
# RESPONSIBLE DISCLOSURE
# ============================================
# We follow responsible disclosure practices
#
# Timeline:
# Day 0:     Report received
# Day 0-2:   Acknowledgment sent
# Day 3-7:   Initial assessment
# Day 8-30:  Fix development and testing
# Day 31-45: Deployment
# Day 46+:   Public disclosure (if applicable)

# ============================================
# CONTACT DETAILS
# ============================================
# Primary Contact:
# Email: info@yalotengocr.com
# WhatsApp: +506 6315-7910
# Phone: +506 6293-1430
#
# Physical Address:
# YalotengoCR
# El Coco Plaza, Local #5
# Alajuela, Costa Rica
#
# Websites:
# Main Site: https://yalotengocr.com
# Registration: https://registro.yalotengocr.com
# Tracking: https://rastreo.yalotengocr.com
#
# Social Media:
# Facebook: https://www.facebook.com/Yalotengocr
# Instagram: https://www.instagram.com/yalotengocr
# TikTok: https://www.tiktok.com/@yalotengocr

# ============================================
# HALL OF FAME (Security Researchers)
# ============================================
# We appreciate responsible disclosure and will credit researchers
# who help us improve our security.
#
# Hall of Fame: https://yalotengocr.com/security-hall-of-fame

# ============================================
# HIRING
# ============================================
# Interested in working with us?
#
# Email: info@yalotengocr.com
# Subject: "Job Application - Security"

# ============================================
# END OF SECURITY.TXT
# ============================================
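The file above is an instance of the RFC 9116 security.txt format. The following parser and validator is an added example, not part of the file and not YalotengoCR's own tooling; it applies the RFC's structural rules (required Contact and Expires, at most one Expires and Preferred-Languages, URI schemes, an Expires that is neither past nor more than a year out) to a body of text. The sample texts, the reference clock (2026-03-01 UTC) and the simplified language-tag pattern are assumptions made for the example.

```python
"""RFC 9116 (security.txt) parser and structural validator.

Added example, not part of the file above and not YalotengoCR's own tooling.
It flags a missing or duplicated Expires, an expired file or one that expires
more than a year out, Contact values that are not mailto:/tel:/https: URIs,
plain-http URLs in the other URI fields, and malformed language tags.
"""
from __future__ import annotations

import re
from datetime import datetime, timedelta, timezone

REQUIRED = ("contact", "expires")
SINGLETON = ("expires", "preferred-languages")          # RFC 9116: at most one each
URI_FIELDS = ("canonical", "policy", "acknowledgments", "hiring", "encryption")
# Rough RFC 5646 tag shape (assumption: not the full BCP 47 grammar).
LANG_TAG = re.compile(r"^[A-Za-z]{2,3}(-[A-Za-z0-9]{1,8})*$")


def parse(text: str) -> tuple[dict[str, list[str]], list[str]]:
    """Return ({lower-cased field: [values in file order]}, [lines that are
    neither comments nor 'name: value' pairs])."""
    fields: dict[str, list[str]] = {}
    malformed: list[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            malformed.append(line)
            continue
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields, malformed


def parse_expires(value: str) -> datetime | None:
    """Expires uses the RFC 3339 date-time profile. fromisoformat wants +00:00
    rather than Z; a value without a time zone is rejected."""
    try:
        dt = datetime.fromisoformat(value.strip().replace("Z", "+00:00"))
    except ValueError:
        return None
    return dt if dt.tzinfo is not None else None


def validate(text: str, now: datetime | None = None) -> list[str]:
    """Return the list of problems found; an empty list means the checks pass."""
    now = now or datetime.now(timezone.utc)
    fields, malformed = parse(text)
    problems = [f"not a 'name: value' line: {line!r}" for line in malformed]
    problems += [f"missing required field {n}" for n in REQUIRED if n not in fields]
    problems += [f"{n} must appear only once" for n in SINGLETON if len(fields.get(n, [])) > 1]
    for uri in fields.get("contact", []):
        scheme = uri.split(":", 1)[0].lower() if ":" in uri else ""
        if scheme == "http":
            problems.append(f"contact uses plain http: {uri}")
        elif scheme not in ("mailto", "tel", "https"):
            problems.append(f"contact is not a mailto:, tel: or https: URI: {uri}")
    for name in URI_FIELDS:
        for uri in fields.get(name, []):
            # Encryption may also name a key via dns: or openpgp4fpr:; everything else must be https.
            if not (uri.startswith("https://")
                    or (name == "encryption" and uri.startswith(("dns:", "openpgp4fpr:")))):
                problems.append(f"{name} is not an https: URI: {uri}")
    for value in fields.get("expires", []):
        dt = parse_expires(value)
        if dt is None:
            problems.append(f"expires is not an RFC 3339 date-time with a zone: {value}")
        elif dt <= now:
            problems.append(f"file expired at {value}; clients should treat it as stale")
        elif dt - now > timedelta(days=366):
            problems.append(f"expires is more than a year away ({value}); RFC 9116 recommends under a year")
    for value in fields.get("preferred-languages", []):
        for tag in value.split(","):
            if not LANG_TAG.match(tag.strip()):
                problems.append(f"preferred-languages has a malformed tag: {tag.strip()!r}")
    return problems


# Constructed sample mirroring the machine-readable fields of the file above.
GOOD_TXT = """\
# comments and blank lines are ignored
Contact: mailto:info@yalotengocr.com
Contact: https://yalotengocr.com
Contact: tel:+506-6315-7910
Preferred-Languages: es, en
Canonical: https://registro.yalotengocr.com/.well-known/security.txt
Expires: 2027-01-30T23:59:59.000Z
"""

# Constructed sample carrying the mistakes the validator is meant to catch.
BAD_TXT = """\
Contact: http://example.invalid/report
Contact: security@example.invalid
Preferred-Languages: en
Preferred-Languages: es
Expires: 2020-01-01T00:00:00Z
Canonical: http://example.invalid/.well-known/security.txt
"""

# Fixed clock so results are reproducible (assumption: 2026-03-01 UTC).
REFERENCE_NOW = datetime(2026, 3, 1, tzinfo=timezone.utc)
```

Run `validate(GOOD_TXT, now=REFERENCE_NOW)` to get an empty list, and `validate(BAD_TXT, now=REFERENCE_NOW)` to get five findings (duplicate Preferred-Languages, a plain-http Contact, a bare e-mail address that is not a URI, a plain-http Canonical, and an Expires in the past). The year-out check uses 366 days so a file renewed on its anniversary is not flagged; pass a real clock instead of REFERENCE_NOW when checking a live file.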
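The ENCRYPTION section claims HSTS with max-age=31536000. The checker below is an added example, not part of the file and not YalotengoCR's own code; it parses a Strict-Transport-Security response header per RFC 6797 (directive names are case-insensitive, max-age is mandatory, no directive may repeat, values may be quoted) and reports where the header falls short of the claimed policy. The header strings in the usage note are constructed, not captured from any yalotengocr.com host; the includeSubDomains check is a caveat beyond what the file claims, since without it registro. and rastreo. each need their own header.

```python
"""Check a Strict-Transport-Security header against the policy the file claims.

Added example, not part of the original security.txt. Parsing follows RFC 6797;
the sample headers used with it are constructed, not captured from yalotengocr.com.
"""
from __future__ import annotations

CLAIMED_MAX_AGE = 31536000  # one year, as stated in the ENCRYPTION section


def parse_hsts(header: str) -> dict[str, str | None]:
    """Return {lower-cased directive: value or None}; raise ValueError on a
    repeated directive, which RFC 6797 says makes the whole header invalid."""
    directives: dict[str, str | None] = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, value = part.partition("=")
        name = name.strip().lower()
        if name in directives:
            raise ValueError(f"duplicate directive {name}")
        # Directive values may be quoted strings; strip the quotes for comparison.
        directives[name] = value.strip().strip('"') if sep else None
    return directives


def check_hsts(header: str | None, minimum: int = CLAIMED_MAX_AGE) -> list[str]:
    """Return the ways the header falls short of the claimed policy (empty list = OK)."""
    if header is None:
        return ["no Strict-Transport-Security header on the HTTPS response"]
    try:
        d = parse_hsts(header)
    except ValueError as exc:
        return [str(exc)]
    findings: list[str] = []
    raw = d.get("max-age")
    if raw is None or not raw.isdigit():
        findings.append("max-age missing or not a non-negative integer")
    elif int(raw) == 0:
        findings.append("max-age=0 tells browsers to forget the HSTS policy")
    elif int(raw) < minimum:
        findings.append(f"max-age={raw} is below the claimed {minimum}")
    if "includesubdomains" not in d:
        # Assumption beyond the file's claim: without it, each subdomain must opt in itself.
        findings.append("includeSubDomains not set; each subdomain must send its own HSTS header")
    return findings
```

Feed it the header value from a real response (for example the `strict-transport-security` value from `curl -sI https://registro.yalotengocr.com`): `check_hsts("max-age=31536000; includeSubDomains")` returns an empty list, `check_hsts('MAX-AGE="600"; IncludeSubDomains')` reports the short max-age, and `check_hsts(None)` reports the missing header. The header is only meaningful on an HTTPS response; browsers ignore it over plain HTTP.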