A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# If you would like to report a security issue to Roche,









# please contact us by email below. Please include details.









# If the issue is severe, we may invite you to join our bug









# bounty program on HackerOne, where we offer bounties for









# high quality and high impact issues.









Contact: mailto:security@roche.com









Policy: https://hackerone.com/roche?view_policy=true



















# OpenBugBounty Site Verification









OpenBugBounty: https://openbugbounty.org/bugbounty/roche_security/