This repository hosts the public website for ToppyMicroServices OÜ.

For the full coordinated disclosure policy, see:

• https://toppymicros.com/security-policy.html

Machine-readable policy:

• https://toppymicros.com/.well-known/security.txt

In scope:

• Public assets under toppymicros.com
• Public GitHub repositories under ToppyMicroServices

Out of scope (non-exhaustive):

• Best-practice suggestions without a demonstrable exploit path
• Self-XSS and browser/devtools-only issues
• Volumetric denial of service

Please report vulnerabilities to:

• security@toppymicros.com

Include:

1. Affected asset and vulnerability summary
2. Reproduction steps / PoC
3. Impact assessment
4. Optional remediation guidance

• Acknowledgement target: within 5 business days
• Remediation target: generally 30 days; complex issues may require up to 60 days

If you act in good faith and follow the policy, we will not pursue legal action for your research activities.