A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# In case of security incidents please contact the
# Compass Security Incident Response Team (CSIRT)
Contact: mailto:sos@compass-security.com

# For vulnerability reports please contact the Compass Security Bug Bounty Team
Contact: https://bugbounty.compass-security.com/bug-bounties/compass-bug-bounty
Policy: https://bugbounty.compass-security.com/bug-bounties/compass-bug-bounty

# Open positions
Hiring: https://www.compass-security.com/en/company/jobs

Expires: 2025-12-31T00:00:0.000+01:00
Preferred-Languages: en, de