A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# Our security.txt
#
# Last updated: 2024-07-05
#
# Thank you for contacting us about security issues. We value your input and encourage responsible disclosure.
 
Contact: tech_inquiries@glic.com
Reporting Process:  https://www.guardianlife.com/.well-known/security-vulnerability-reporting-process.txt
Preferred-Languages: en
Canonical: https://www.guardianlife.com/.well-known/security.txt

 
# Report Format
# Please include as much information as possible with your report:
# - Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting, etc.)
# - Full paths of source file(s) related to the manifestation of the issue
# - The location of the affected source code (tag/branch/commit or direct URL)
# - Any special configuration required to reproduce the issue
# - Step-by-step instructions to reproduce the issue
# - Proof-of-concept or exploit code (if possible)
# - Impact of the issue, including how an attacker might exploit the issue
 
# Legal Statement
# We pledge not to initiate legal action against researchers who submit vulnerability reports through our vulnerability reporting mechanisms and who adhere to responsible disclosure guidelines.

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQGNBGaITGMBDAClS4DnbeIa9vO3Pc3CvE9Cmne0ive4z1HFqKN/i1olCXFOF9Dd
nHorDUvIbYlkd3OWPJ7uZZI0cbldf+Jr7C/saF3aV6eXI0/18jB/5bYN2PBLxkjz
G6VzlaazGVtu/w2P/RWOKJo5lC4fWsIS5hUTYtHB4PJeutX4QxMYZWvUdnkzOdUe
rfqXeHX7fvcFp2y/3bEpP7AvG9Ne38n51tINXtiz3D49GY9MVLMoSIPyi29LRFQp
OY7poY1oNwURqP6GIcILeRBwQYHI5AOJsUaEZMvXYn/UxKk+mOswKoYL7udTGz/Y
ctZbNOlL2c/zZaSyO1wNvjQflGws7z3oCod+YdO4VNOasgV2PIpMTvg22n3rswTo
AG/azSOHZHV7gt5E73y3XM2zkL8NXVNTSu2r5Scq/CBUbInRrqcHUF8uRmxjGDTg
YAXbb5d0X6Yb1cCUx9JitKyhe7SBFZTz64rxXmUZL7yXK+iF/ZQSDFMT3q2ZdgEa
rSVcYDpc0HzEsdcAEQEAAbQuVGVjaCBJbnF1aXJpZXMgKFZEUCkgPHRlY2hfaW5x
dWlyaWVzQGdsaWMuY29tPokB1wQTAQgAQRYhBEOBOey6/1Wg9o81lf8doRt98uC2
BQJmiExjAhsDBQkCx+oABQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAAoJEP8d
oRt98uC23MsL/1Xt2YinG/cN7Lx9XCJr3HJkXU1J4tJ7CRw8Ta1BIuOrRtm+QB9h
qzU2I7IZCcDzFlYZcrJitvVKMIzURBJ8kLla2++J9XiV5XYTFotOmndst7Y0VAuP
hpPI/0tVaUQ4Lbzc/jmqi4i3w3zcJufD6BQI9h/w97HH1iWGKNOXhJFS3iOPRGPG
jGJ+cfLjqd7uwtLmerHZVl7j4cAPkj59SHuGZ14yOra9SZ2pZugqC3t12XweYFiR
xU/FEEm9UnR+abXksnuOnRuWfBUkmWZvmF/ml1vYJeigGJmsM+soOMccvNigr7ZH
mqPDNEgQrk3xmXydqtdjfata8IFxZW+9S60vlOTHE7z/AqcWjhnAN+dMuIBzFrWx
sVh0XYgsegiSxAGx4nfvhLd1658FCAc3H8BjkOrsnJLSgbxzGXtsb04Oa61eGUkN
rS4yTlzzyXdc9n+RcylRVNCSQS9prrrmDOYqrYxb7Qr6xL6fLUVE3qsB7Thii+6d
KzBaT1mI+RSQhLkBjQRmiExjAQwA5tlvbeIcrlsSEro/2O2vNgfsK0uhd+88sK+L
SuQchzjIGgvx6QGKWnp1wje5M6lZL6+DlbvhqMFyTHD1YKaWljluuGebnrebLMIA
N++dNfq7MzDg1mij4/KdDJ5QHcuaxlQEl1/mrDLimLpOtYdpbzmE0cxXi7ab4fi1
sdhUfnGqEew2yAt+XNzSB+uSm96tY8uHHFXGSljbXCbsRDWMLcaRwH8UK6rIahUY
G2QozersYMWF3sTnrFXygs7+7L7l59Z2gQD7b3M7vhC9zQX7XCCenOQIkt1AScKO
PZxuXLFUwdIiPvQNOeReq9dUrGLHZgX7LMCxMHcTW3u7qy1ZXSzlkk9UxDK+55Cb
pcEPgkX2/2s9Y2QxRfPAEyGW0bx9WA6fZ0SAVstJ18pfLO3r8s3bP72SZkLGVPSJ
LNmnW43+72F8mDn2dutuNNIUrI4EdwoJJPzXfTWi4j9y8AlBlap6QonigTvb0+ow
VZ0BRSVLxjqaEiLWjpCh2TWiXSLPABEBAAGJAbwEGAEIACYWIQRDgTnsuv9VoPaP
NZX/HaEbffLgtgUCZohMYwIbDAUJAsfqAAAKCRD/HaEbffLgtqlrC/0ZNAGshm8E
7vYFsnbP7xuyo4yGovjuUHrbZs2fz2rlWetK/ogE/UeaXTsLl9qFd9IhXT0z22FA
H0/FFHzlFO35tEwkrXSBnUaj9gN+6MRZDJz7meT3Qof68YH8gn/TKkDUVjK6w2E8
6oOax+iWt9tK+ml1b4p5N4K32jApktn1kFvS9Q7p97LBAYnhOUb5F5oI6swGtveU
5jG7mAQNeOT1jQ+Igwbwy2Q5BfjivcDT33dlthGe51CUMTF9K3K7/l7okPzmEad1
y8zF4afNXBxJrxdz86Uud7GbPWQwTmaoBCMtdJKWrIBArHTUFgy7ygA1dVhBE60k
+Sg4vo9mjKkV9gXQqFjICEYWnKbmOeG2rL3M/qQ7ijncn0F6HLITNZUfuZb//xpG
zkRL219vPClgMME2EHJyMsG/8/WhOvcZVuSYCPhQqwi/sVIyrqirZ0JSnmLF2Zql
FcE3H2g/cxnQaM1TzpyOIVj9Zc9o6BsAl86yweMIgL79rHcqFZhaPE4=
=Ue8L
-----END PGP PUBLIC KEY BLOCK-----