A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.
# This is a security.txt file following https://securitytxt.org/ # If you discover any weaknesses or vulnerabilities on this website, # please report this via our Policy URL (see below) # to the National Cyber Security Centre (NCSC) # A report like this is called a Coordinated Vulnerability Disclosure (CVD). # We will discuss the issue with the NCSC and resolve it as soon as possible. # We thank you in advance for helping us making our product better and more secure! Contact: mailto:firstname.lastname@example.org Preferred-Languages: nl, en Policy: https://english.ncsc.nl/contact/reporting-a-vulnerability-cvd Policy: https://www.ncsc.nl/contact/kwetsbaarheid-melden Expires: 2022-09-01T00:00:00.000Z
This policy crawled by Onyphe on the 2022-01-04 is sorted as securitytxt.