A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# Contact for suspect vulnerabilities on Aruba's website, digial workplace systems or non-product related vulnerabilities
Contact: mailto:security@hpe.com

# For suspect vulnerabilities in Aruba products please see our policy, contact information and PGP key info
Policy: https://www.arubanetworks.com/support-services/sirt/

# Aruba has a bug bounty program. Information on what products and other targets are in scope may be found at
Policy: https://bugcrowd.com/aruba-public

Acknowledgments: https://www.arubanetworks.com/support-services/security-bulletins
Acknowledgments: https://bugcrowd.com/aruba-public/hall-of-fame
Preferred-Languages: en

Expires: 2023-11-30T18:00:00.000Z