A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# For security issues related to Amazon Web Services (AWS), please see our security policy
Policy: https://aws.amazon.com/security/vulnerability-reporting/

# To contact AWS regarding a vulnerability
Contact: mailto:aws-security@amazon.com
Preferred-Languages: en

# We support PGP encryption
Encryption: https://aws.amazon.com/security/aws-pgp-public-key/

# This file expires every 365 days
Expires: 2024-09-29T05:00:00.000Z

# We're hiring - join Amazon Security!
Hiring: https://www.amazon.jobs/en/business_categories/amazon-security