A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# If you have any concerns around emails purporting to be from the Clean Energy Regulator (CER)

Contact: mailto:itsa@cer.gov.au

Expires: 2025-11-30T12:59:00.000Z

Preferred-Languages: EN

Canonical: https://cer.gov.au/.well-known/security.txt

Policy: https://cleanenergyregulator.gov.au/about-us/our-policies/security-vulnerability-disclosure

Hiring: https://cleanenergyregulator.gov.au/careers

# The CER is serious about Cyber Security and your contributions will be valued.