A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# Our canonical URI
Canonical: https://www.continental.com/.well-known/security.txt

# Our central cybersecurity contact
Contact: mailto:csirt@continental.com

# OpenPGP Key for csirt@continental.com
Encryption: https://www.continental.com/.well-known/pgpkey-continental.txt

# To report security information related to products of Continental Automotive
Contact: mailto:psirm@continental.com
Contact: https://www.continental-automotive.com/en/company/psirm-website.html

# OpenPGP Key for psirm@continental.com
Encryption: https://www.continental-automotive.com/en/company/psirm-website.html

# Our preferred languages
Preferred-Languages: en, de

Expires: 2025-09-23T12:00:00.000Z
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEE6e/vwNOK4x11/REGtiQQ1PAWcAQFAmbyyPEACgkQtiQQ1PAW
cASkXwgA3Xl+zZOPCMOg3iDsJmz9lejcReM5KWPcU3/PIkpGZr5dZQvIC1bLnhQQ
saF9miVZKx/7SzL2uio+jStZf+Wj57ontXW4kOlOVdMeTokvH18nQtsPjMRTBjZ/
P+QPTJ2zggkC7t6F/WgRsYo91KQWCrKerqoX4s90jvn4n2wHJK+2NMJdZ0Vh1JFd
lNwu/Fx56sMKGve4affSLn4xNl+OEzxpdN6pYfIiwKlkLzC4JIinKHRp6x7Jm1up
jnLzPcHSiNqVjZAC1cJFondtH+kULHw0gOOfA1DFpYYfOKlHfk4pGBUcBwJ6CvKU
J7lcaFM6AxtyMuKyR3C3qKPd1KV3JQ==
=ig0T
-----END PGP SIGNATURE-----