A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

#

Canonical: https://www.sipylus.com/.well-known/security.txt

Preferred-Languages: en

Contact: mailto:security@sipylus.com



Encryption: https://www.sipylus.com/.well-known/publickey.txt

Acknowledgments: https://cicols.com/sipylus/

Policy: https://www.sipylus.com/legal/security-policy/

Hiring: https://www.sipylus.com/services/employment/

Expires: 2025-01-01T00:00:00z



# For the avoidance of doubt, we do not consider these to be reportable issues:

#

# 1. Volumetric vulnerabilities (i.e. denial-of-service or overwhelming our

#    service with a high volume of requests)

#

# 2. ssh and ssh username enumeration

#

# 3. TLS configuration weaknesses (i.e. weak ciphersuite support, TLS1.0

#    support, etc)

#

# 4. Use of older jQuery libraries

#

# 5. Email configuration (SPF, DKIM, DMARC)

#

# 6. Gaps in common best practice such as missing security headers (CSP,

#    x-frame-options, x-prevent-xss etc)

#

# 7. Non-exploitable vulnerabilities