A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256



Canonical: https://www.medel.com/.well-known/security.txt



# Email address to report a vulnerability in a MED-EL product

Contact: mailto:productsecurity@medel.com



# Email address to report a vulnerability in MED-EL's web site and web services

Contact: mailto:it-security@medel.com



# OpenPGP Public Key

Encryption: https://medel.ent.box.com/s/nmxacakolhxquntym5el6he1e8jjfd70



#MED-EL's vulnerability handling and disclosure policy

Policy: https://www.medel.com/terms/medel-vulnerability-handling-and-disclosure-policy



Expires: 2026-10-17T22:00:00.000Z

-----BEGIN PGP SIGNATURE-----



iQIzBAEBCAAdFiEE0IlR0+Odd4As8ImkN4zypIiaNS4FAmc981kACgkQN4zypIia

NS4EvBAAsz4404uxEkqF89LGq6khhq87Xqo0lN8F2XMsnoMihnxYRWcy1p8arDD3

atGoz9dTJmWqkWaM6Ttf05KfuGqBk4MlypZtYbvJNs73v+V/6zcOpsJmbc/BzPEB

wIKiVlwXzIDOJf0IcNXYV6guicq/qknVkK6UoDATuTsEcRUY6B2Hi+D1KfOn14is

a/ocYCYDf+3vNbxGFOm9OcGOBrIqHMwxz2tG4oLNEjLfFeF7o42TYYnPsoFNw9Qz

toG0263Ye1sRc40rRVsQmNivWqE+At5eulkTBsXCPViKyOjhsLWRaR6Y2C3VP3Ht

XQFKBaNunu7W+FoK1KxD94SZnjpviONyLS5zVgiv4hacGzdCBjnNw4mi9fP0zpqe

evkpESrC7wlkX3xPz0hPgrxl/rM79J3Ktd6h1g224u9JFXAPFE56piQNlIBw1XMC

bec9HlD2fETILdCM5OePdHIzKS3GJ+0tzfjskh0uFje9UebqiXsn0yeI0YBRna1V

jzxFT9IVTB+A0U1yjKi7Cj3MVH5GoxsJtr8V8+pOB58dSQ1R2UyYcakFPeFraJze

PR9T87C7KWlH6uDgPh5E2rG+/UifiWucz1SpzztEOjdURu3UzaHYw0PjPPbK51w/

mKrAq6vrNkYJpshc5AlVPAzturflGyeBgoYRj85HNZgr2+qQMR4=

=lmti

-----END PGP SIGNATURE-----