A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# This security.txt file follows the standard specified in RFC 9116
# https://www.rfc-editor.org/rfc/rfc9116.html__;!!P9vvK-4S!k4OXa2Y5beJxlkD0SgPSR9q2bUGYARLffhrZlhNZRhTus-7yk61IeDxnRaufmK0V8GQVvqvI09TrL9v6ZRc$ 
 
Contact: mailto:vdp@ldry.com
Contact: https://hackerone.com/fertitta_entertainment/reports/new?type=team&report_type=vulnerability__;!!P9vvK-4S!k4OXa2Y5beJxlkD0SgPSR9q2bUGYARLffhrZlhNZRhTus-7yk61IeDxnRaufmK0V8GQVvqvI09TrdXKktC8$ 
Expires: 2026-11-13T00:00:00.000Z
Policy: https://hackerone.com/fertitta_entertainment/__;!!P9vvK-4S!k4OXa2Y5beJxlkD0SgPSR9q2bUGYARLffhrZlhNZRhTus-7yk61IeDxnRaufmK0V8GQVvqvI09Tr4dxWeHU$ 
Canonical: https://fertittaentertainmentinc.com/.well-known/security.txt__;!!P9vvK-4S!k4OXa2Y5beJxlkD0SgPSR9q2bUGYARLffhrZlhNZRhTus-7yk61IeDxnRaufmK0V8GQVvqvI09TrW1iq41o$ 
Preferred-Languages: en
 
# Vulnerability reports must be submitted through HackerOne to be evaluated and triaged.
# Questions about the vulnerability disclosure program can be sent to vdp AT ldry dot com.
 
Acknowledgments: https://hackerone.com/fertitta_entertainment/thanks__;!!P9vvK-4S!k4OXa2Y5beJxlkD0SgPSR9q2bUGYARLffhrZlhNZRhTus-7yk61IeDxnRaufmK0V8GQVvqvI09Tr9RGjopQ$ 
 
# For complete scope including all domains and assets owned by Fertitta Entertainment, LLC
# and its divisions, subdivisions, and subsidiaries, please see:
Scope: https://hackerone.com/fertitta_entertainment/policy_scopes__;!!P9vvK-4S!k4OXa2Y5beJxlkD0SgPSR9q2bUGYARLffhrZlhNZRhTus-7yk61IeDxnRaufmK0V8GQVvqvI09TrnbTh1eo$