A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# Our security addresses
# For product related security issues (Product Security Incident Response Team)
Contact: mailto:psirt@wittenstein-group.com
# PGP key for psirt@wittenstein-group.com
Encryption: https://www.wittenstein.de/.well-known/pgp-key-psirt.asc
#
# For infrastructure related security issues (Computer Security Incident Response Team)
Contact: mailto:csirt@wittenstein-group.com
# PGP key for csirt@wittenstein-group.com
Encryption: https://www.wittenstein.de/.well-known/pgp-key-csirt.asc
#
# For Coordinated Vulnerability Disclosure
Contact: mailto:vulnerability@wittenstein-group.com
# PGP key for vulnerability@wittenstein-group.com
Encryption: https://www.wittenstein.de/.well-known/pgp-key-vulnerability.asc
#
Expires: 2025-12-31T22:59:00.000Z
#
# Our preferred languages
Preferred-Languages: de, en
#
# Our canonical URI
Canonical: https://www.highintegritysystems.com/.well-known/security.txt
#
# Our vacancies
Hiring: https://www.highintegritysystems.com/careers-at-wittenstein-high-integrity-systems