# LaserSell Security Policy
# Optimized for RFC 9116 compliance.
# Our security team acknowledges reports within 24 hours.
Contact: mailto:security@lasersell.io
Encryption: https://www.lasersell.io/lasersell-pgp-key.asc
Canonical: https://www.lasersell.io/.well-known/security.txt
Policy: https://www.lasersell.io/security
Preferred-Languages: en
Acknowledgments: https://www.lasersell.io/security/hall-of-fame
# --- Scope ---
# In scope:
# - LaserSell Website (https://www.lasersell.io)
# - LaserSell App Dashboard (https://app.lasersell.io)
# - LaserSell GitHub repositories (https://github.com/lasersell/*)
# - LaserSell SDK (npm, PyPI, crates.io, Go)
# - LaserSell API (https://api.lasersell.io)
# - WebSocket Exit Intelligence streams (wss://stream.lasersell.io)
# - LaserSell Desktop Application
#
# Out of scope:
# - Third-party integrations
# - Social engineering, Physical security, and DoS
# - dl.lasersell.io (static file hosting)
# - status.lasersell.io (status page)
# - Missing security headers on static/marketing pages
# - SPF, DKIM, DMARC, and email configuration issues
# - Rate limiting on non-authentication endpoints
# - Content spoofing or text injection without demonstrated impact
# - Self-XSS (requires victim to paste code in their own console)
# - Missing cookie flags on non-session cookies
# - Clickjacking on pages with no state-changing actions
# - CSRF on unauthenticated forms or logout
# - Software version disclosure or banner grabbing
# - Descriptive error messages without sensitive data exposure
# - Vulnerabilities requiring physical access to user device
# - Automated scanner output without a validated proof of concept
# - Theoretical vulnerabilities without demonstrated exploitability
# Thank you for helping keep LaserSell and the Solana ecosystem safe.
Expires: 2027-02-18T18:00:00.000Z