A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# Yahoo! uses Intigriti for responsible disclosure.





# To report abusive behavior, spam, email scams, etc. please visit https://safety.yahoo.com/Security/.





Contact: mailto:security@yahooinc.com





Contact: https://app.intigriti.com/programs/yahoo/yahoobugbounty/detail





Acknowledgments: https://app.intigriti.com/programs/yahoo/yahoobugbounty/leaderboard





Policy: https://legal.yahoo.com/xw/en/yahoo/coordinated-vulnerability-disclosure-program-policy/index.html





Hiring: https://www.yahooinc.com/careers/search.html?q=paranoids





Expires: 2025-12-31T12:00:00.0Z