A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# Our canonical URI
Canonical: https://www.hs-bremen.de/.well-known/security.txt

# Our security address
Contact: mailto:security@hs-bremen.de
Contact: https://www.hs-bremen.de/en/security

# Our OpenPGP key
Encryption: https://www.hs-bremen.de/en/security

# Our security acknowledgments page (Hall of fame)
Acknowledgments: https://www.hs-bremen.de/en/security/hall-of-fame

# Our preferred languages
Preferred-Languages: de, en

# Our disclosure policy
Policy: https://www.hs-bremen.de/en/security/disclosure-policy

Expires: 2029-12-31T12:00:00.000Z