A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must therefore be easy to find, and a security.txt notice is a simple way to publish it.
Our security address
Contact: security@pingidentity.com

Our public openPGP keys
For artifact signatures: https://keys.openpgp.org/vks/v1/by-fingerprint/A913A88FC21AC4E7EB52D44B45E764CA099D3220
Expires: 3/27/2027
For encrypting emails sent to Ping: https://keys.openpgp.org/vks/v1/by-fingerprint/DDC83F4D96620E2FDB9785E420925A72CF511FC2
Expires: 12/31/2026

Artifact signature verification with PingIdentity's public PGP key
Retrieve our public key, import it to your gpg key ring and verify the artifact's signature.
$ curl https://keys.openpgp.org/vks/v1/by-fingerprint/A913A88FC21AC4E7EB52D44B45E764CA099D3220 | gpg --import
$ gpg --verify <artifact-name>.zip.asc <artifact-name>.zip
Alternatively, you can import the public key from either OpenPGP's or MIT's server:
$ gpg --keyserver pgp.mit.edu --recv-key 0x45E764CA099D3220
OR
$ gpg --keyserver keys.openpgp.org --recv-key 0x45E764CA099D3220

Please note that unless you sign our public key with your private key, signature verification will throw a warning saying "This key is not certified with a trusted signature!" and "There is no indication that the signature belongs to the owner." If you would like to verify the public key, please don't hesitate to reach out to the email address above.

This file has also been signed with the artifact signing key listed above for additional assurance: https://www.pingidentity.com/.well-known/security.txt.asc

More about Security at PingIdentity: https://www.pingidentity.com/en/company/security-at-ping-identity.html
This policy, crawled by Onyphe on 2022-01-03, is sorted as securitytxt.
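An added example, not part of Ping Identity's policy or tooling: because `gpg --verify` accepts a good signature from any key in the key ring, this sketch also requires that the signature was made by the artifact signing key fingerprint listed in the policy, by reading GnuPG's machine-readable `VALIDSIG` status record. The function names and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Ping Identity's own script): fingerprint-pinned verification.
# Fingerprint of the artifact signing key, as listed in the policy above.
PINNED_FPR="A913A88FC21AC4E7EB52D44B45E764CA099D3220"

# Read `gpg --status-fd` output on stdin. Succeed only if a VALIDSIG record
# names the wanted fingerprint as the signing key (field 3) or as the
# primary key (last field of the record).
validsig_matches() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    awk -v want="$want" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
            if (toupper($3) == want || toupper($NF) == want) ok = 1
        }
        END { exit (ok ? 0 : 1) }'
}

# Verify a detached signature and require that the pinned key made it.
# Usage: verify_pinned <artifact-name>.zip.asc <artifact-name>.zip
verify_pinned() {
    sig=$1
    file=$2
    # gpg exits non-zero on a bad signature or a missing public key.
    status=$(gpg --batch --status-fd 1 --verify "$sig" "$file" 2>/dev/null) || return 1
    printf '%s\n' "$status" | validsig_matches "$PINNED_FPR"
}

# Constructed status output for a good signature by the pinned key
# (dates, algorithm ids and the user id are made up for the example).
sample_status() {
    cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 45E764CA099D3220 Constructed Signer <signer@example.invalid>
[GNUPG:] VALIDSIG A913A88FC21AC4E7EB52D44B45E764CA099D3220 2024-01-01 1704067200 0 4 0 1 10 00 A913A88FC21AC4E7EB52D44B45E764CA099D3220
EOF
}

# Run stand-alone as: sh verify.sh <artifact-name>.zip.asc <artifact-name>.zip
if [ "$#" -eq 2 ]; then
    verify_pinned "$1" "$2" && echo "signature made by pinned key"
fi
```

The check passes only when the full 40-character fingerprint matches, so a key that merely shares the short ID used with `--recv-key` is not accepted.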
FireBounty © 2015-2024