A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# Methods contacting us:
Contact: mailto:security@facc.com

# Where to find our vulnerability contact (Bug Bounty Program):
Contact: mailto:security@facc.com

# Expiry Date of this file:
Expires: 2023-11-30T23:59:59Z

# security.txt file location:
Canonical: https://www.facc.com/.well-known/security.txt

# Languages we speak:
Preferred-Languages: de, en

# Job Offers:
Hiring: https://www.facc.com/Jobs-Karriere/Jobangebote

# FACC Classified TLP-Information
# WHITE: shareable without restrictions, except copyright protected content.
# GREEN: shareble within the organization and other partners, the information may not be made public.
# AMBER: shareble within the organization and other partners on a need-to-know basis.
# RED: shareable personally with named recipients only. Disclosure is prohibited. Red classified Information is encrypted.