A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

Contact:
	We are currently operating an application based bug bounty program with Intigriti. 
	In order to participate, please register with Intigriti (https://login.intigriti.com/account/register). 
	Then go to the following link and apply (https://app.intigriti.com/researcher/programs/personio/personio/). 
	We will then review your application and accept you into our bounty program. 
	Once onboard, you will be able to review our bounty terms and scope, and safely share your findings with the team.
Contact: security@personio.de
Encryption: https://keys.openpgp.org/vks/v1/by-fingerprint/C921305FC1B574C16533ACA4B3E23F29B4B09BE1
Expires: 2022-11-03T00:00:00.000Z
Preferred-Languages: English
Canonical: https://personio.com/.well-known/security.txt
Policy: https://personio.com/data-security/