A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.
# draft-foudil-securitytxt-06 says this file should be in .well-known Canonical: https://www.lancaster.ac.uk/.well-known/security.txt # who to contact if you suspect a problem Contact: mailto:breach-notification@lancaster.ac.uk # OBB account that is authorised to receive info for us OpenBugBounty: https://openbugbounty.org/bugbounty/LancasterUniSOC/
This policy crawled by Onyphe on the 2021-12-02 is sorted as securitytxt.
FireBounty © 2015-2024