A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.
# Preferred contact by email Contact: sikkerhet@sbanken.no Contact: https://sbanken.no/security # For urgent contact Contact: +47 55 26 00 00 in the following opening hours: Monday-Friday: 07 - 22 Saturday-Sunday: 10 - 18 Public holidays: Closed # Use this PGP Key for email Encryption: https://sbanken.no/pgpkey.txt Acknowledgements: Emilien Socchi and Harrison Sand from mnemonic - for discovering a nice XSS in the online bank
This policy crawled by Onyphe on the 2020-10-04 is sorted as securitytxt.
FireBounty © 2015-2024