A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Contact: https://hackerone.com/automattic/reports/new Contact: mailto:security@automattic.com Encryption: https://automattic.com/security/pgp-key/ Acknowledgements: https://hackerone.com/automattic/thanks Policy: https://hackerone.com/automattic Canonical: https://automattic.com/.well-known/security.txt -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEYKyypKR9U0RG/Ui2MlnE6I/leIgFAmBCqW0ACgkQMlnE6I/l eIiFYA//SyDQXh4QA0TR//9G2YWmZtEPro9YfpMps9VawqYPncjKemBso8eZ+75T 0JmS67dvHvBDj8AjqXOkkvsvdVX95AyEcjX+gPnht7Ek5gYxZnerEXhyv4DXaMuu Zk2YpxCweAEpZbv3zO7Zoy7ZRW8xFeh1ne2GJ+w40tQ6idO7mr3J7wwgNgnvtZfk Q8B/exNj2VG9KSi832hFXZmwbIrrWHlA14z4l3zrFJAZiA+SjBpDC+kW7Zz+Qqa/ Ljnq+r5bMFaa4tI/9dR63P6qZsQMfgvysdu/ivkSSVxWAYzuJoyupUFqcDfd84R6 9N98tHEpqQMb3kpHfZnU/W/iswrp4abNVmz6T80EvRvyl5n/PIV3c5KrQvCAcriv Q3bk2o7djwSfUEufb1Y4k/mUEjXPdIf4/36YQe2NysiD8kKxlVcrrLllkwWD0voI EPpJHetHzHrOhp9VNfn0Cbg7vuArg6A0iTd2yckusJ0Sm6o/EajS1+WoouRRFb4v qD6vrJavW+KfAIho5N4Aua6WxxJVGGs66yxvyNbJBKSBymgB4WsD5LgCIbM8I/FG tg3sQuD8Y7F2wcR+NdoR50b00jXj5WXQyjCu7VVFI9Qu31pvNcHgENu3NBVzapC8 1ztU7zTCC6B3jOY2GzLOsuBvmjJWUaPBwh/g+Mea5KFxuDNv9RU= =N2B0 -----END PGP SIGNATURE-----
This policy crawled by Onyphe on the 2021-04-03 is sorted as securitytxt.
FireBounty © 2015-2024