A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

#Tenable - Please read our vulnerability reporting policy before reporting any security vulnerabilities to us via the following email address.
Contact: https://hackerone.com/tenable
Contact: mailto:vulnreport@tenable.com
Policy: https://www.tenable.com/security/report

#A hall of fame page is maintained for qualifying submissions.
#Tenable does not currently pay bounties for vulnerabilities.
Acknowledgments: https://www.tenable.com/security/report/hall-of-fame

#Expiration Date
Expires: 2026-03-03T00:00:00.000Z

#We're continually recruiting, please visit the link below and search for "information security"
Hiring: https://www.tenable.com/careers