Security Policy

This document outlines the security and responsible disclosure policy for Weby.Email (WyE) and its verification infrastructure, including Verifier.Legal and all related TrustDomain services.

1. Responsible Disclosure

WyE encourages security researchers and users to report discovered vulnerabilities responsibly. We do not pursue legal action against individuals who act in good faith and follow this policy.

2. How to Report

• Send your report to security@weby.email.
• Include detailed information such as affected domain, URL, vulnerability type, reproduction steps, and potential impact.
• Please allow up to 30 days for an initial response while the issue is reviewed and validated.

3. Scope

This policy applies to all domains and verticals operating within the WyE Trusted Digital Identity (TDI) infrastructure, including but not limited to:

• Weby.Email — Infrastructure and coordination entity.
• Verifier.Legal — Digital verification authority.
• Notary.Legal and other WyE professional verticals.

4. Out of Scope

• Social engineering or phishing attempts targeting WyE personnel or affiliates.
• Denial-of-service (DoS) and automated load testing.
• Vulnerabilities in third-party platforms or plugins not controlled by WyE.

5. Our Commitment

• All valid reports will be acknowledged (with consent of the reporter).
• All communications are treated confidentially and used only for remediation.
• WyE aims to patch or mitigate confirmed vulnerabilities within 60 days.