A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# security.txt
# Contact information 
Contact: mailto:security-incident@axelspringer.de
 
# Instructions to researchers 
# Please register on our bug bounty program at Intrigrity and submit findings related to Axel Springer there.
BugBounty: https://app.intigriti.com/programs/axelspringerse/axelspringersevulnerabilitydisclosureprogram/detail
 
#Hiring
Hiring: https://career.axelspringer.com/de/tech
 
# Information about this security.txt file
Expires: 2029-12-31T23:59:59.000Z