A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an origanisation will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifable via a simple way, a security.txt notice.
# Our security acknowledgments page Acknowledgements: <a href='https://www.easytimeclock.com/About'>https://www.easytimeclock.com/About</a> # Our security address Contact: <a href='mailto:webreg@easytimeclock.com'>webreg@easytimeclock.com</a> # Our PGP key Encryption: openpgp4fpr:1456b5deb57e82fc0486c5339c4de779ed78404f # File Permissions Permission: none # Our security policy Policy: <a href='https://www.easytimeclock.com/TermsAndConditions.pdf'>https://www.easytimeclock.com/TermsAndConditions.pdf</a>
This policy crawled by Onyphe on the 2021-01-03 is sorted as securitytxt.
FireBounty © 2015-2021