# security.txt - RFC 9116 Compliance
# https://securitytxt.org/

Contact: mailto:dpo@xbox.com.br
Contact: https://xbox.com.br/direitos-titular.html
Expires: 2026-11-09T23:59:59.000Z
Preferred-Languages: pt-BR, en
Canonical: https://xbox.com.br/.well-known/security.txt
Policy: https://xbox.com.br/politica-privacidade.html

# VULNERABILITY DISCLOSURE POLICY
#
# We take security seriously. If you discover a security vulnerability,
# please report it responsibly:
#
# 1. Email: dpo@xbox.com.br with subject "SECURITY VULNERABILITY"
# 2. Include:
#    - Detailed description of the vulnerability
#    - Steps to reproduce
#    - Impact assessment
#    - Proof of concept (if applicable)
#
# 3. Response Timeline:
#    - Initial response: Within 48 hours
#    - Status update: Within 7 days
#    - Resolution target: Within 30 days (depends on severity)
#
# 4. Responsible Disclosure:
#    - Please do NOT publicly disclose the vulnerability until we've had
#      a chance to address it
#    - We will acknowledge your contribution once the issue is resolved
#
# 5. Out of Scope:
#    - Social engineering attacks
#    - Physical attacks
#    - Denial of Service (DoS) attacks
#    - Spam or brute force attacks
#
# Thank you for helping keep Xbox Tetris secure!