A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Dear security researchers and pentesters,

# Thank you for your interest in helping us keep our systems secure.
# We appreciate your efforts in identifying potential vulnerabilities in our
# infrastructure.

# However, please note that at this time we do not have an active bug bounty
# program. While we welcome and encourage responsible disclosure of potential
# security issues, we do not guarantee or promise any specific rewards or
# compensation for submitted reports.

# That being said, if you come across something truly exceptional in your
# research, please reach out to us and we will do our best to work with you.

# Our security address
Contact: mailto:security@verkkokauppa.com

# PGP Key (Fingerprint 6380 3939 DF5B D462 7B34  9D02 EF31 A249 6901 1BF8)
Encryption: https://www.verkkokauppa.com/assets/static/pgp-key.txt

# Alternatively we can use Office 365 Message Encryption.
# Just send a plain text email with no sensitive contents and request an encrypted reply.

# Please communicate in English or Finnish
Preferred-Languages: en, fi

# Canonical location of this document
Canonical: https://www.verkkokauppa.com/.well-known/security.txt

# This document becomes stale after
Expires: 2026-02-01T00:00:00.000Z
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEY4A5Od9b1GJ7NJ0C7zGiSWkBG/gFAmfae6sACgkQ7zGiSWkB
G/iAkw//bLaLoyklDW6MjSHXyg6ZqjScV6NCi69NAMUDu5DV/xK7ZrdlgY+EtEYQ
/BmkWCfpChbPAwBBlbDl3RzuVgcB3au6SwjNMv253ECmkepLpQbNQx+TVIf2/4oC
R7FQFmdB2VNvmhlj2l0/5sL9oyMWMcEei6n9sgeKDlb9JftVMTaCcgR2dHFGlBfy
eeSWbA9fsipRfmq9BCzoaro5UBHGwbklIXRQiL+nX9SV7JGv3ewVc6GSr2xeEUoW
fG+ZfReh8HXQGxbtGlq5eksZQDdmEsBN5dg9nI7D9KQGWo8Kxz9Slg7FMbo0406s
reEUWCY7xR78IgwrP7p8GgWHXEl4MD0r03hosn0luAn6ut3B0pSLp1yP8iH84Vk3
L2wEDl9tbK/pYxQAIkniNPpC0RLsKgwsITSpcb88otzaeh/u/OTv6GQnMU6Ve6WV
RJc8pt9amOISXRCoPysLPDpT04jByc7CHrr5Tp+cawpIp7RwpFEu6rlH/K1EhIRO
O5g8NCakCXK+oXhh74vBL0XT6WmBJBzQqICJfuHNTXiPHybTVAKy4fG7Xv2Mh6io
kzwXQia2cDPZvxpxwXXEF+qLvkP/fCd1U0+jSnjchh65G5rWZ7yYQNVg6opKvNcV
zTtos/m4Wwi6IESDbMjmtJgmWqEkf/Uh6sAU60cni68Mjz/WOgs=
=19r6
-----END PGP SIGNATURE-----