A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.
# If you discover a security vulnerability on one of our websites # please contact us: # Our responsible disclosure guidelines: Policy: http://msd.govt.nz/about-msd-and-our-work/tools/responsible-disclosure-guidelines.html # Our security email address Contact: firstname.lastname@example.org # Our PGP key for the above email Encryption: https://pgp.mit.edu/pks/lookup?op=get&search=0x4FF711A8795E7887 # Verify this security.txt file Signature: https://msd.govt.nz/.well-known/security.txt.sig
This program crawled on the 2020-03-03 is sorted as securitytxt.
FireBounty © 2015-2023