# CollabIndex Security Policy
# RFC 9116 — https://www.rfc-editor.org/rfc/rfc9116

Contact: security@collabindex.com
Expires: 2027-01-01T00:00:00.000Z
Policy: https://www.collabindex.com/security-policy
Preferred-Languages: en, he

# CollabIndex takes infrastructure security seriously.
#
# ── AI-POWERED CODE SECURITY ──────────────────────────────────────────
#
# CollabIndex uses Claude Code Security (Anthropic) as part of our
# active development workflow. Claude Code Security scans our codebase
# for vulnerabilities that traditional static analysis tools miss —
# context-dependent, logic-level issues that require understanding
# the intent of the code, not just its pattern.
#
# Unlike rule-based scanners, Claude Code Security reasons about code
# the way a senior security engineer would: following data flows,
# identifying subtle injection vectors, and flagging architectural
# weaknesses before they reach production.
#
# Every significant code change on collabindex.com is reviewed through
# this layer before deployment. Patches are human-reviewed before merge.
#
# Learn more: https://www.anthropic.com/news/claude-code-security
#
# ── INDUSTRY THREAT INTELLIGENCE ──────────────────────────────────────
#
# We follow the research, advisories, and product releases
# of the leading cybersecurity organizations in the industry:
#
#   Palo Alto Networks  — https://www.paloaltonetworks.com
#   Wiz                 — https://www.wiz.io
#   Check Point         — https://www.checkpoint.com
#
# Their threat intelligence informs how we configure,
# monitor, and harden our infrastructure.
#
# ──────────────────────────────────────────────────────────────────────
#
# If you have identified a security vulnerability on
# www.collabindex.com, please disclose it responsibly
# by contacting us at the address above.
# We commit to acknowledging all valid reports.

# Hosted on Cloudflare Pages. Protected by Cloudflare WAF.
# Domain: https://www.collabindex.com