A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# Bug Bounty/Reward:  While we appreciate the help of the global security research community, we currently do not offer a reward programme
# Please do not report:  Issues related to DoS, Bruteforce, Social engineering, expired certificates, security headers and spf/dkim/dmarc configuration issues
# Please do report:  OWASP Top 10 related vulnerabilities and sensitive data leaks along with detailed description, including steps on how to reproduce

Contact: mailto:appsecurity@vestas.com
Preferred-Languages: en
Hiring: https://careers.vestas.com/