A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# Security address


Contact: mailto:bug-hunters@tinkoff.ru





# Private Bug Bounty program


Contact: https://hackerone.com/tinkoff





# Bug Bounty policy


Policy: https://hackerone.com/tinkoff?view_policy=true





# Accepted languages


Preferred-Languages: ru, en





# This file was served via


Canonical: https://www.tinkoff.ru/.well-known/security.txt





# Join our security team


Hiring: https://www.tinkoff.ru/career/it/?specialtyUrl=informacionnaya-bezopasnost