About

This is the section, where you can learn about Simbiat Software.

While Simbiat Software and this website is, at the time of writing, a pet project, rather than business, security is important part of it with code written with security always in mind. While following good practices and security recommendations can help with making the website secure, some things can be missed. If you have encountered a [potential] security issue or vulnerability, we encourage you not to exploit it, but rather report it, so that it can be fixed.

The policy applies to all domains and subdomains of *.simbiat.ru as well as GitHubGitHub code.

No actions will be taken against reporters of the vulnerabilities identified.

To report potential vulnerability, please, use any of channels listed on page. Please, include as much details about the vulnerability as possible: screenshots, videos, steps to replicate and other artifacts can help greatly in locating and fixing the issue. If vulnerability is identified in code posted on GitHub you can submit an issue there for ease of tracking.

At the time this policy is active, reports are excepted only in English and Russian.

Confirmed vulnerabilities may be publicly disclosed after the fix with proper identification of original reporter(s) and permanent mentions on page.

For security researchers we also provide security.txt file as per proposed HackerOnestandard. File is static except for expiration date, which takes midnight of last Monday of next month from the date of access.

Here are links to external websites, that can show evaluation of some security aspects of the website:

History of changes
Date of change Date of effect Details of change
September 12, 2022 September 12, 2022 Removed link to CSP Scanner, since website was retired
December 12, 2021 December 12, 2021 Added link to SecurityHeaders check
December 11, 2021 December 11, 2021 Added links for external scanners
August 21, 2021 August 21, 2021 Initial implementation