Security Policy (RFC 9116)
Adopted Standards
| Layer | Implementation |
|---|---|
| System | OpenBSD 7.8 |
| Web Server | httpd(8) with chroot |
| Firewall | pf(4) with restrictive rules |
| TLS | Version 1.3 mandatory |
| HSTS | `max-age=31536000; includeSubDomains; preload` |
Vulnerability Reporting
If you identify a security vulnerability:
- Do not test beyond the initial discovery
- Document the steps to reproduce
- Send a PGP-encrypted report to: security@tizianogasparet.com
- Await confirmation within 72 hours
Rewards
I do not offer monetary bounties. I offer:
- Public recognition (if desired)
- Early access to fixes
- Permanent operational gratitude
Tiziano Gasparet — January 2026