A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# Campaign Monitor security contacts and policy









# Where this file should be found, if found somewhere else it's not valid.




Canonical: https://www.campaignmonitor.com/.well-known/security.txt




Canonical: https://xxx.createsend.com/.well-known/security.txt









# Our security contact channels




Contact: https://www.campaignmonitor.com/trust/report-a-vulnerability/




Contact: mailto:campaignmonitor@submit.bugcrowd.com









# Link to our vulnerability disclosure policy




Policy: https://www.campaignmonitor.com/policies/









# Languages that our team speaks and understands




Preferred-Languages: en-US









# When this information is considered stale.




Expires: 2024-06-20T05:00:00.000Z