A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# Meta-data

# If this file is still online after the expires date, it became a joke.

Expires: 2026-04-01T01:00:00.000Z



# Contact

Contact: mailto:csirt@itris.ch

Contact: https://one.itris.ch/operations/digital-forensics-incident-response/

Preferred-Languages: en, de



# Encryption

Contact: https://one.itris.ch/operations/digital-forensics-incident-response/

Encryption: https://www.itris.ch/.well-known/pgp-public_csirt-itris.ch_2025-04-01.asc



# Jobs

Hiring: https://jobs.itris.ch/karriere-bei-itris/



# Policy

Policy: https://one.itris.ch/.well-known/itris-csirt.txt



# Canonical

Canonical: https://one.itris.ch/.well-known/security.txt

Canonical: https://www.itris.ch/.well-known/security.txt