A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

Contact: mailto:security@acquia.com
Expires: 2025-01-01T00:00:00z
Acknowledgments: https://www.acquia.com/why-acquia/industries/security#security-hall-of-fame
Preferred-Languages: en
Policy: https://www.acquia.com/why-acquia/industries/security#responsible-disclosure

Note: Acquia currently does not have a bug bounty program or any kind of financial compensation for valid reports. However we are happy to credit researchers with their name and a link to a professional profile (e.g. linkedin) on our Hall of Fame for valid reports that lead to corrective action.