thehue.co
A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.
# Security Policy for The Hue # RFC 9116 Compliant Security Contact Information # https://thehue.co/.well-known/security.txt Contact: mailto:security@thehue.co Contact: mailto:hello@thehue.co Expires: 2026-08-23T12:00:00.000Z Encryption: https://thehue.co/.well-known/pgp-key.txt Acknowledgments: https://thehue.co/.well-known/security-acknowledgments.txt Policy: https://thehue.co/.well-known/security-policy.txt Hiring: https://thehue.co/#contact # Preferred Languages Preferred-Languages: en, fr # Canonical URL Canonical: https://thehue.co/.well-known/security.txt # Organization Information # The Hue - Public Relations & Communications # Part of Anne Charlot Networks # Montreal, Quebec, Canada # Scope # This security policy covers: # - Main website: https://thehue.co # - French version: https://thehue.co/fr/ # - All subdomains and associated services # - Email systems and contact forms # - Progressive Web App functionality # Reporting Guidelines # Please report security vulnerabilities responsibly # Include detailed information about the vulnerability # Allow reasonable time for investigation and remediation # Do not access or modify data without explicit permission # Response Time # We aim to acknowledge security reports within 48 hours # Initial response and triage within 5 business days # Regular updates on remediation progress # Languages Supported # Security reports accepted in English and French # Bilingual support available for all communications # Out of Scope # - Third-party services and integrations # - Social engineering attacks # - Physical security issues # - Denial of service attacks # Safe Harbor # We support responsible disclosure and will not pursue # legal action against security researchers who: # - Follow our disclosure policy # - Act in good faith # - Do not access or modify user data # - Report vulnerabilities promptly
This policy crawled by Onyphe on the 2025-09-02 is sorted as securitytxt.
FireBounty © 2015-2025
