A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.
# https://www.torproject.org/about/contact#security Contact: tor-security@lists.torproject.org Encryption: openpgp4fpr:8B904624C5A28654E4539BC2E135A8B41A7BF184 Acknowledgment: https://traumschule.org/trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/SecurityPolicy Policy: https://traumschule.org/projects/tor/wiki/org/teams/NetworkTeam/SecurityPolicy Hiring: https://traumschule.org/www.torproject.org/about/jobs Permission: none # RFC-URL: https://tools.ietf.org/html/draft-foudil-securitytxt-04 Signature: https://traumschule.org/torproject.org/.well-known/security.txt.sig
This policy crawled by Onyphe on the 2021-11-30 is sorted as securitytxt.
FireBounty © 2015-2024