A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# For security issues related to Amazon Web Services (AWS), please see our security policy

Policy: https://aws.amazon.com/security/vulnerability-reporting/



# To contact AWS regarding a vulnerability

AWS Vulnerability Disclosure Program: https://hackerone.com/aws_vdp

Contact: mailto:aws-security@amazon.com

Preferred-Languages: en



# We support PGP encryption

Encryption: https://aws.amazon.com/security/aws-pgp-public-key/



# This file expires every 365 days

Expires: 2025-09-17T18:37:07z



# We're hiring - join Amazon Security!

Hiring: https://www.amazon.jobs/en/business_categories/amazon-security