A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# Thank you for wanting to report a vulnerability or other security issue to Vodafone Germany.

# Please use the below HackerOne link to report your finding:
Contact: https://hackerone.com/42d238f6-efe2-4e62-b641-e914510dd9ab/embedded_submissions/new

# See the section "Hall of Fame" (page in German).
Acknowledgments: https://www.vodafone.de/unternehmen/cyber-security.html

# We welcome reports via HackerOne in English.
Preferred-Languages: en

Canonical: https://www.vodafone.de/.well-known/security.txt

# For our global responsible disclosure policy:
Policy: https://www.vodafone.com/about-vodafone/how-we-operate/consumer-privacy-and-cyber-security/cyber-security/report-a-vulnerability

# If you want to help make Vodafone a more secure place for our customers, we are always looking for new cyber security talents.
# In German:
Hiring: https://careers.vodafone.com/de/
# In English:
Hiring: https://careers.vodafone.com/

Expires: 2032-12-31T23:00:00.000Z
# Version: 1.0