A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256



# Canonical URI

Canonical: https://www.cisco.com/.well-known/security.txt



# Cisco PSIRT email address

Contact: mailto:psirt@cisco.com



# Cisco PSIRT OpenPGP key

Encryption: https://cscrdr.cloudapps.cisco.com/cscrdr/security/center/files/Cisco_PSIRT_PGP_Public_Key.asc



# Cisco's security vulnerability policy

Policy: https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html



# Cisco's Common Security Advisory Framework (CSAF) publications

CSAF: https://www.cisco.com/.well-known/csaf/provider-metadata.json



Expires: 2025-01-01T00:00:00.000Z



-----BEGIN PGP SIGNATURE-----



iQIzBAEBCAAdFiEEQoHcqRJKiwfOz+95IISGp5/AizQFAmX9iX8ACgkQIISGp5/A

izQTyA//VTvahwezXnENX/4+pEUz2gbhyiG/5Oitbr2MyzNxcGlI0qJbcUIqGhnU

m44vwG/yUNcZTgF+eZukbqPe/5dMsq+zzLOJC9PFwlNhbUyAWxZIIbXPffthdPAV

xfxc8wKdsF8oa9BxVabMM8XkuUQFpCiEbjjSwMtkek1htFBlEaFso7Izk1DHtt0D

YWjQozEm3wJIfUkOsOc/300w4T3iNWF76zL5sZWS3JTfMLxbW4R8WtGtwGQPMadD

VtSTmHiTQ/BnGZJLyIy72WWNlVd2rxkYfxTnubCaisz5cXsuUfSpRyhfzyoowvjZ

YtMGZbhNRoipEsdaV1O3P5H5IjfYqbh0i+3dDCCDDDkZwPwFjBkFtkKN45vbNteI

qezKg560RKcKVP2X4WQzfHDiuibEpQeEIzmFn8e8pxzoPQvsCSm0ZNQCu3obxfNa

lEp0GjvgkuIOlqGrhUyuRbQdDeINb9YEXP2QLQpbhOm0myyyDxmkaJPSokvj+Jsy

+bYK1Wm9IiIzqzXCYIHwJTNSKL3bWgpnXUebQXvjtXNOTPaklP+kHN9aJmfZV7p6

XHHQotm0G2BBPTeiQaud2/Nd78PYewIqYSTsUCC/C/zo2Ub6p5oPtixBAxSS4mHc

wMlnexHtsOoih/4c6YmOKoNeFLSJACOaarX1KtDwnM6kFTpiCpc=

=aMMS

-----END PGP SIGNATURE-----