# security.txt

**Version**: 4.4.2  
**Owner**: FirstTry Solutions  
**Last Updated**: 2026-02-26  
**Review Cycle**: Annual
**Doc ID**: FT-TRUST-019  

---

## Overview

This document provides pointers to FirstTry security information in standard format (adapted for documentation from RFC 9116 `.well-known/security.txt` specification).

**Standard location**: `.well-known/security.txt` on FirstTry's website (if hosted independently)

**For Forge app**: Refer to this document for security information locations.

---

## Security Information Contacts

```
Contact: security.contact@firsttry.run
Contact: contact@firsttry.run
```

---

## Vulnerability Disclosure

```
Disclosure: https://github.com/Firsttry-Solutions/firsttry/docs/trust/VULNERABILITY_DISCLOSURE_POLICY.md
```

---

## Security Policies

```
Policy: docs/trust/SECURITY_OVERVIEW.md
Policy: docs/trust/THREAT_MODEL.md
Policy: docs/trust/VULNERABILITY_DISCLOSURE_POLICY.md
```

---

## Acknowledgments

```
Acknowledgments: https://github.com/Firsttry-Solutions/firsttry/blob/main/SECURITY_ACKNOWLEDGMENTS.md
```

---

## References

- [RFC 9116](https://www.rfc-editor.org/rfc/rfc9116.html): Web Security Policies via Well-Known URLs
- [SECURITY_CONTACT.md](SECURITY_CONTACT.md): Detailed contact information
- [VULNERABILITY_DISCLOSURE_POLICY.md](VULNERABILITY_DISCLOSURE_POLICY.md): Reporting process