A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.
# For email servers supporting high-grade TLS only (rejects insecure transports): Contact: mailto:fulcrm-security@secure.faelix.net # Otherwise: Contact: mailto:fulcrm-security@alias.faelix.net Encryption: https://maz.nu/pgp.txt # Otherwise: Contact: https://twitter.com/faelix Contact: https://fulcrm.org/about/contact?subject=security
This policy crawled by Onyphe on the 2021-07-06 is sorted as securitytxt.
FireBounty © 2015-2024