A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# Cresta Intelligence, Inc. - reporting security vulnerabilities to Cresta



# How to communicate about security issues.

Contact: mailto:security@cresta.com



# Link to a key for secure communication.

Encryption: Please use PGP (fingerprint: 111859244CDF5809CBD47702A0F372C49C8F56DE) to encrypt any communication with security@cresta.com. You can retrieve our key using the following command: gpg --keyserver pgp.mit.edu --recv-keys 111859244CDF5809CBD47702A0F372C49C8F56DE



# Acknowledgements



# Preferred languages for communication.

Preferred-Languages: en, es, fr



# The most common URL for accessing this security.txt file.

Canonical: https://cresta.com/.well-known/security.txt



# What security researchers should do when searching for or reporting security issues.

Policy: https://cresta.com/trust



# Hiring



# Please see https://securitytxt.org/ for details of the specification of this file.