A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# DSB - Please use the below point of contact for security findings only, if you as a 

# vendor/salesperson contact us directly on this e-mail will we mark your e-mail as spam.

# Please send relevant information about your security findings to:

Contact: mailto:security@dsb.dk

Contact: mailto:itsikkerhed@dsb.dk



Expires: 2025-01-01T11:00:00.000Z

Preferred-Languages: en, da



# Our security policy:

Policy: https://www.dsb.dk/disclosure-policy.html



# Our OpenPGP key

Encryption: https://www.dsb.dk/pgp-key.txt



# Our security acknowledgments page

Acknowledgments: https://www.dsb.dk/hall-of-fame.html



Hiring: https://www.dsb.dk/om-dsb/job-i-dsb/ledige-job/

Canonical: https://www.dsb.dk/.well-known/security.txt



# Bug Bounty / Reward Statement

# -----------------------------

# DSB does not have a bug bounty/reward program and will therefore not offer paid bug/security rewards.

# We might however offer a token of our appreciation to security researchers who take the time and effort to 

# investigate and report security vulnerabilities to us.

#

# As we are not a part of a bounty/reward program please have in mind that if we detect any suspicious behavior

# we will respond accordingly

#

# Best regards

# DSB IT Security Team

#