A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# This is a security.txt file according to https://tools.ietf.org/html/draft-foudil-securitytxt-03

# and https://securitytxt.org/

# We currently don't have a bug bounty in place but below you can find information on 

# reporting security issues to us, for which we thank you in advance and will publicly

# acknowledge your contributions in our blog. Thank you for helping us make our product better

# and more secure!



# Our security address

Contact: security@acrossecurity.com



# Our PGP key

Encryption: https://www.acrossecurity.com/pgpkey.asc