A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# Yahoo! uses Intigriti for responsible disclosure.
# To report abusive behavior, spam, email scams, etc. please visit https://safety.yahoo.com/Security/.
Contact: mailto:security@yahooinc.com
Contact: https://app.intigriti.com/programs/yahoo/yahoobugbounty/detail
Acknowledgments: https://app.intigriti.com/programs/yahoo/yahoobugbounty/leaderboard
Policy: https://legal.yahoo.com/xw/en/yahoo/coordinated-vulnerability-disclosure-program-policy/index.html
Hiring: https://www.yahooinc.com/careers/search.html?q=paranoids
Expires: 2025-12-31T12:00:00.0Z