A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must therefore be easy to find through a simple mechanism: a security.txt notice.
# Our security address is the same as our main email address
Contact: mailto:contact@theantisocialengineer.com
# PGP All well and good to encrypt, but we don't ever want to miss reports due to an error so we do not use PGP for security reports.
# Our security policy Practice what you preach hey, this is what we use to help people understand our reports. https://theantisocialengineer.com/security-reporting-information/ if you have a concern please raise this with us and know we will take the issue seriously. We will try to publicise your report and issue if wanted.
#Like OpenBugBounty? We do too
OpenBugBounty: https://openbugbounty.org/bugbounty/antisocial_eng/
This policy, crawled by Onyphe on 2021-10-29, is sorted as securitytxt.
FireBounty © 2015-2024