A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# We have a BugBounty Program:
# NOTE: Security testing is NOT permitted for all domains this file may appears on. Please refer to the policy for details.
Contact: https://yeswehack.com/programs/thuringer-aufbaubank-bug-bounty-program

# For all other queries contact:
Contact: mailto:it-security@aufbaubank.de
Contact: https://www.aufbaubank.de/impressum-und-datenschutz

Preferred-Languages: de, en
Expires: 2030-01-01T00:00:00z

# Only domains specified in the policy are within scope. Testing on other domains is prohibited.
Policy: https://yeswehack.com/programs/thuringer-aufbaubank-bug-bounty-program