A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.
# When investigating or reporting security incidents, NeverBounce requests the # following considerations be made: # # - Avoid running automated tests, scans and DOS attacks. # - Avoid accessing any data not belonging to you. # - Make a good faith effort to avoid privacy violations, destruction of data, # and interruption or degradation of our service. # - Disclose any security vulnerabilities as soon as possible to the contact # below, using the encryption key provided to ensure secure disclosure. # - Allow NeverBounce ample time to review and address all security disclosures # before any public disclosures are made. # - If disclosures are handled responsibly and ethically, NeverBounce may issue a # reward for your cooperation. # Contact: mailto:firstname.lastname@example.org Encryption: https://neverbounce.com/.well-known/public-pgp-key.txt Signature: https://neverbounce.com/.well-known/security.txt.sig Acknowledgements: https://neverbounce.com/.well-known/security.acknowledgements.txt
This policy crawled by Onyphe on the 2021-07-06 is sorted as securitytxt.