A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must therefore be easy to find, and a simple way to achieve that is a security.txt notice.
# We do take vulnerabilities seriously,
# but when sending reports please note that we are a startup with limited resources.
# As of such we cannot respond to every request asking for money for stuff like missing CSP header,
# or "vulnerabilities" that require extensive social engineering.
# We would greatly appreciate if you value our time and do a demo for us,
# like a website demonstrating the vulnerability. (without it affecting real users).
Contact: mailto:support@sumo.app
Expires: 2024-10-30T21:00:00.000Z
This policy was crawled by Onyphe on 2025-08-09 and is sorted as securitytxt.
FireBounty © 2015-2025