A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

#Tenable - Please read our vulnerability reporting policy before reporting any security vulnerabilities to us via the following email address.
Contact: mailto:vulnreport@tenable.com
Policy: https://www.tenable.com/security/report

#A hall of fame page is maintained for qualifying submissions.
#Tenable does not currently pay bounties for vulnerabilities.
Acknowledgements: https://www.tenable.com/security/report/hall-of-fame

#Expiration Date
Expires: Wed, 1 Mar 2024 00:00 -0400

#We're continually recruiting, please visit the link below and search for "information security"
Hiring: https://careers.tenable.com