A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# What's this file? RFC 9116; https://securitytxt.org/

# Information related to reporting security vulnerabilities of this site.



# How to communicate about security issues.

Contact: mailto:csc@terveystalo.com



Expires: 2026-01-31T17:00:00Z



# Encryption



# Preferred languages for communication.

Preferred-Languages: fi, sv, en



Canonical: https://www.terveystalo.com/.well-known/security.txt



# What security researchers should do when searching for or reporting security issues.

Policy: At the moment we do not have an active bug bounty program, but we encourage responsible disclosure of any vulnerabilities. If you identify an issue, please share detailed information to help us address it effectively.