A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

Contact: mailto:alert@eplay.com
Contact: https://github.com/dlxmedia/community/security
Expires: 2024-12-31T22:59:00.000Z
Preferred-Languages: en
Canonical: https://www.eplay.com/.well-known/security.txt

Please do the following:

- Post your findings at: https://github.com/dlxmedia/community/security
- Do not run automated scanners on our infrastructure or website without permission.
- Do not take advantage of the vulnerability or problem you have discovered, for example by downloading more data than necessary to demonstrate the vulnerability or deleting or modifying other people's data,
- Do not reveal the problem to others until it has been resolved,
- Do not use attacks on physical security, social engineering, distributed denial of service, spam or applications of third parties, and
- Do provide sufficient information to reproduce the problem, so we will be able to resolve it as quickly as possible. Usually, the URL of the affected system and a description of the vulnerability will be sufficient, but complex vulnerabilities may require further explanation.