A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# Our security address
Contact: mailto: security-alert@gi-de.com
Contact: https://www.gi-de.com/en/contact/contact-of-security-emergency-response-team

Expires: 2024-12-31T23:59:00.000Z

# Our security acknowledgments page
Acknowledgments: https://hackerone.com/giesecke_devrient/thanks

# Our preferred language is
Preferred-Languages: en

# Canonical URI
Canonical: https://www.gi-de.com/.well-known/security.txt
Canonical: https://www.gi-de.com/.well-known/security.pdf

# Our security policy
Policy: https://hackerone.com/giesecke_devrient

# Our job offers
Hiring: https://www.gi-de.com/en/careers/jobs

# Encryption
# We use S/MIME. Encrypted communications is supported after initial exchange of certificates
# For the same reason there is a digitally signed pdf document in this directory (instead of a PGP signature file)