Security Policy

Last updated: March 2026

1. Our Commitment

As a cybersecurity consultancy, DARS holds itself to the highest security standards. We practice what we preach. This page documents our security commitments and provides a channel for responsible vulnerability disclosure.

2. Vulnerability Disclosure Policy

If you believe you have discovered a security vulnerability in any DARS system or website, we encourage you to report it responsibly. We take all reports seriously and will work to address confirmed vulnerabilities promptly.

3. How to Report

Email: info@darsllc.org with subject line "Security Vulnerability Report"

Please include a description of the vulnerability, steps to reproduce, potential impact assessment, and your contact information for follow-up.

4. What to Expect

We will acknowledge your report within 2 business days. We will investigate and provide an initial assessment within 5 business days. We will keep you informed of our remediation progress. We will not take legal action against good-faith security researchers.

5. Scope

This policy covers: darsllc.org (all pages and subdomains), DARS API endpoints, and any DARS-operated web applications.

6. Out of Scope

Social engineering attacks, denial of service attacks, physical attacks, and third-party services linked from our site are out of scope.

7. Security Measures

DARS implements the following security measures on our own infrastructure:

• TLS 1.2+ encryption for all connections
• HSTS with 6-month max-age
• Content Security Policy headers
• No third-party tracking scripts or cookies
• Cloudflare DDoS protection and WAF
• Regular security reviews of our own infrastructure
• Principle of least privilege for all access

8. security.txt

Our security.txt file is available per RFC 9116.

9. Contact

For security matters: info@darsllc.org