A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must therefore be easy to find through a simple mechanism: a security.txt notice.
# As a nonprofit, our options are limited, and as such we unfortunately do
# not have a bug bounty program.
#
# However, we are thankful for responsible disclosure and, depending on
# the report and its impact, can credit e.g. during one of our infra
# meetings for good work done.
# Please use the following address for responsible disclosure of
# vulnerabilities affecting this website and other online services
# managed by The Document Foundation.
Contact: mailto:hostmaster@documentfoundation.org
# The above address is not a suitable venue for security issues
# related to the LibreOffice *software* -- for such issues please see
# https://www.libreoffice.org/about-us/security/ .
# Please also note that our somewhat lax SPF and DMARC policies are
# *intentional*, as their mere presence does suggest. Please don't
# send "vulnerability reports" or bounty requests about these.
This policy, crawled by Onyphe on 2022-01-04, is sorted as securitytxt.
FireBounty © 2015-2024