A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

Contact: mailto:domain-security@upcz.cz
Preferred-Languages: en, cs
Expires: 2050-12-30T11:00:00.000Z

# Vulnerability Disclosure Policy
#  
# Thank you for taking the time to responsibly report a security vulnerability.
#  
# We do not currently run a bug bounty program or offer rewards, but we truly appreciate your effort in helping us keep our systems secure.
#  
# If you discover a vulnerability, please:
#  
# - Report it directly to domain-security@upcz.cz
# - Do not exploit the vulnerability
# - Do not attempt to access, modify, or delete any data
# - Do not perform testing that could impact system availability or privacy of users
# - Avoid any testing that could lead to service disruption (e.g. DoS, automated scanning, brute force)
#  
# We aim to acknowledge reports within 5 business days.
#  
# Thank you for acting in good faith to help us protect our users and systems.