# eSolia Nexus Security Information
# RFC 9116 compliant security.txt

# Security contact
Contact: mailto:security@esolia.co.jp
Contact: https://esolia.co.jp/contact

# Preferred languages
Preferred-Languages: en, ja

# Security policy
Policy: https://nexus.esolia.co.jp/SECURITY.md

# Canonical location
Canonical: https://nexus.esolia.co.jp/.well-known/security.txt

# Expires (1 year from last update)
Expires: 2026-12-23T00:00:00.000Z

# Acknowledgments
Acknowledgments: https://nexus.esolia.co.jp/SECURITY.md#acknowledgments

# Hiring (optional)
Hiring: https://esolia.co.jp/careers

# Encryption (PGP key - optional, add if available)
# Encryption: https://esolia.co.jp/.well-known/pgp-key.txt

# Our security posture
# - OWASP Top 10 2021 compliant
# - Multi-tenant isolation with org_id scoping
# - HMAC-SHA256 request signing
# - PII obfuscation for non-owner access
# - Audit logging of all administrative actions
# - Rate limiting on authentication endpoints
# - Cloudflare edge security (DDoS, WAF)