A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

#If you have any inquiries regarding vulnerabilities in our application or you have a concern/question about one of our simulated phishing tests please contact us at the below email addresses
#Our Information Security Team 
Contact: mailto:infosec@knowbe4.com
#Our Privacy Team
Contact: mailto:privacy@knowbe4.com
#Our Legal Team
Contact: mailto:legal@knowbe4.com
#Bug Bounty Program Link
Policy: https://hackerone.com/knowbe4?type=team
Expires: Wed, 1 Jun 2022 00:00 -0400
Preferred-Languages: en, pt
Hiring: https://www.knowbe4.com/careers/job-openings?department=InfoSec

#Security Page
Policy:https://www.knowbe4.com/security