A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# Dear security researchers and pentesters,

# Thank you for your interest in helping us keep our systems secure.
# We appreciate your efforts in identifying potential vulnerabilities in our
# infrastructure.

# However, please note that at this time we do not have an active bug bounty
# program. While we welcome and encourage responsible disclosure of potential
# security issues, we do not guarantee or promise any specific rewards or
# compensation for submitted reports.

# That being said, if you come across something truly exceptional in your
# research, please reach out to us and we will do our best to work with you.

# Our security address
Contact: mailto:security@verkkokauppa.com

# PGP Key (Fingerprint 6380 3939 DF5B D462 7B34  9D02 EF31 A249 6901 1BF8)
Encryption: https://www.verkkokauppa.com/assets/static/pgp-key.txt

# Alternatively we can use Office 365 Message Encryption.
# Just send a plain text email with no sensitive contents and request an encrypted reply.

# Please communicate in English or Finnish
Preferred-Languages: en, fi

# Canonical location of this document
Canonical: https://www.verkkokauppa.com/.well-known/security.txt

# This document becomes stale after
Expires: 2025-02-01T00:00:00.000Z
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEY4A5Od9b1GJ7NJ0C7zGiSWkBG/gFAmWbvywACgkQ7zGiSWkB
G/hzaQ/8CM34FoFWzxFBt6ER6oLZQC9T6y0DcuTaqHYsoybSd9xYIdTCQtL/ltRd
fQLkISfLRS8vAuNcq851AYxSUuBjaho0R3ho0u8ze01afgxsSEtteAYg793mif9T
m/oVi393s+xT97AAUqMs1prrSYWd8fZMnqeXurnpmSZ9VaflLSWnrtIjTfNFElQx
InzzsRnf0Zc2k+0b/w7eANvbdRNHRAOitpIMaI0H04/VhGZBtIEDZ6d85efNOSwM
ciqzS931WwIfXGkgaz4Kq+egvC1GmrUy3sY4vVIzULf1TdZUNgGWYEAOrwlFAv+c
HYvjwkJE8hwSlrvKjgTYNafMs4R49RnpdSww3FJdV7YenVQGH+tTFvdCgSrAeWK9
PEFrKJk64vZ6ZqGVZvAoTD0BetEYxLDiVQQQXq0lXfx76FZGh2wqwRQdHtYAtpcp
7A3A+6TKSt+g+8ZptiWHsGGWbkV9MfjCtDk6v1UDnzdjzeVNBCoYwOqTDmv0UFYg
saCmXgoMYiTJk2h4k4yQkB+6ul3H9XOE8Vj26T276TCBoS6JU93ORJ572T8DA+LB
ZzFJfcRe0ghiJBxA+KRvHHXFhAOwPkBghFKW7o2xCU1YGmFGaz5VKj7vni1Y1vIH
aRfiGk7X6LorFL/v7RZzvTtxEHYDib4x1mQheLM6a08kut0c5tU=
=KfK8
-----END PGP SIGNATURE-----