A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# Security.txt for https://www.jagex.com 
 
# Canonical URI 
Canonical: https://www.jagex.com/.well-known/security.txt 
 
# Our vulnerability report submission form 
Contact: https://hackerone.com/jagex/reports/new?type=team&report_type=vulnerability 
 
# General-purpose security contact address 
Contact: mailto:security@jagex.com 
 
# Our bug bounty policy and program platform 
Policy: https://hackerone.com/jagex?type=team 
 
# Top bug bounty participants 
Acknowledgements: https://hackerone.com/jagex/thanks 
 
Hiring: https://apply.workable.com/jagex-limited/?lng=en#jobs 

 
Preferred-Languages: en 
 
Expires: 2026-12-31T23:59:59z