A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# Yahoo! uses Intigriti for responsible disclosure.



# To report abusive behavior, spam, email scams, etc. please visit https://safety.yahoo.com/Security/.



Contact: mailto:security@yahooinc.com



Contact: https://app.intigriti.com/programs/yahoo/yahoobugbounty/detail



Acknowledgments: https://app.intigriti.com/programs/yahoo/yahoobugbounty/leaderboard



Policy: https://legal.yahoo.com/xw/en/yahoo/coordinated-vulnerability-disclosure-program-policy/index.html



Hiring: https://www.yahooinc.com/careers/search.html?q=paranoids



Expires: 2025-12-31T12:00:00.0Z