A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.
# UK Ministry of Justice (MoJ) # Reporting security vulnerabilities to the MoJ # Please read our disclosure `Policy` before testing systems or reporting issues to us. Contact: https://hackerone.com/c532d916-6529-4495-a241-eb7431cfd134/embedded_submissions/new # Our disclosure policy # By submitting a potential security incident to us, you are implicitly accepting these terms - please read this before submitting: Policy: https://mojdigital.blog.gov.uk/vulnerability-disclosure-policy/ # Our acknowledgements & thanks Acknowledgements: https://mojdigital.blog.gov.uk/vulnerability-disclosure-policy/thank-you-to-the-security-research-community/ # If you’re interested in working at the MoJ (including in our cybersecurity and privacy teams): Hiring: https://jobs.jobvite.com/justicedigitalandtechnology/jobs # Please see https://securitytxt.org/ for details of the specification of this file # H/T to https://www.bbc.com/backstage/security-disclosure-policy/ # <3 MoJ Digital & Technology Security & Privacy team # Read more about the MoJ https://www.gov.uk/government/organisations/ministry-of-justice # Read more about MoJ Digital & Technology https://mojdigital.blog.gov.uk/
This policy crawled by Onyphe on the 2021-05-05 is sorted as securitytxt.