A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# SecurePeak Security Contact Information
# https://securepeak.com — Cryptographic Infrastructure & Offensive Security
#
# This file follows RFC 9116 (https://www.rfc-editor.org/rfc/rfc9116)
# If you have found a security vulnerability in any SecurePeak asset,
# we want to hear from you.

Contact: mailto:security@securepeak.com
Contact: https://securepeak.com/vulnerability
Expires: 2027-01-31T23:59:59.000Z
Preferred-Languages: en, es, ca, fr
Canonical: https://securepeak.com/.well-known/security.txt
Policy: https://securepeak.com/vulnerability

# -------------------------------------------------------------------
# SCOPE
# -------------------------------------------------------------------
# In scope: securepeak.com and all subdomains, SecurePeak-operated
# edge infrastructure, public-facing APIs, and client-facing tooling.
#
# Out of scope: third-party SaaS integrations, social engineering
# attacks against personnel, and denial-of-service testing.

# -------------------------------------------------------------------
# DISCLOSURE POLICY
# -------------------------------------------------------------------
# We follow coordinated disclosure. We ask that you:
#   - Report vulnerabilities promptly via the contacts above
#   - Allow reasonable time for remediation before public disclosure
#   - Avoid accessing or modifying data that does not belong to you
#   - Do not perform destructive testing against production systems
#
# We commit to:
#   - Acknowledging receipt within 24 hours
#   - Providing an initial assessment within 72 hours
#   - Working transparently toward resolution
#   - Crediting researchers who act in good faith (with permission)

# -------------------------------------------------------------------
# ENCRYPTION
# -------------------------------------------------------------------
# For sensitive reports, encrypt your message with our PGP key.
Encryption: https://securepeak.com/.well-known/pgp-key.txt

# -------------------------------------------------------------------
# ACKNOWLEDGMENTS
# -------------------------------------------------------------------
# We recognise researchers who help us improve our security posture.
Acknowledgments: https://securepeak.com/vulnerability#acknowledgments

# -------------------------------------------------------------------
# HIRING
# -------------------------------------------------------------------
# We are always looking for exceptional security engineers.
Hiring: https://securepeak.com/contact