Security
How we protect this website and report issues
Website Security
anchorcybersecurity.com is a static website served via Cloudflare's CDN with the following protections in place:
- TLS 1.2+ encryption for all traffic
- Cloudflare DDoS mitigation and WAF
- HTTP security headers (HSTS, CSP, X-Frame-Options)
- Contact form requests processed by Cloudflare Workers (serverless, no persistent storage)
- No user accounts or stored credentials on this site
Reporting a Vulnerability
We take security reports seriously. If you discover a vulnerability on any of our sites or products, please report it responsibly:
- Email: [email protected]
- Include a description, steps to reproduce, and impact assessment
- Allow us reasonable time to investigate and remediate before public disclosure
- Do not access, modify, or exfiltrate data beyond what is necessary to demonstrate the vulnerability
We will acknowledge receipt within 2 business days and provide a resolution timeline. We do not currently offer a paid bug bounty program, but we will publicly acknowledge responsible disclosures upon request.
Machine-Readable Disclosure
We maintain a security.txt file (RFC 9116) at /.well-known/security.txt, PGP-signed with our public key. Security researchers and automated scanners can use this to verify our disclosure contact and encryption key. Researchers who responsibly disclose valid findings are listed in our acknowledgments.