A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Our primary contact and reporting method

Contact: mailto:cengage-vdp@submit.bugcrowd.com

Contact: https://bugcrowd.com/5c0e9d1e-e7a2-46c5-b6b0-af424fe4aa8d/external/report



# Canonical URI

Canonical: https://www.cengage.com/.well-known/security.txt



Expires: 2025-01-02T17:00:00.000Z

Acknowledgments: https://bugcrowd.com/cengage-vdp/hall-of-fame

Preferred-Languages: en



-----BEGIN PGP SIGNATURE-----

iQGzBAEBCAAdFiEEVDot9XgMzbdN4sO4CGCygCn6I4sFAmXowPkACgkQCGCygCn6
I4t0Ogv+JnoIJFBvKKvwDmIK4/CDq1vds97G2MfRijEzFQQ96i6pDKAqHtLGmckt
2d9WMne6UlwHwv8kqQNOTYijgMfkhslcCB7tmbGJ8T4dXeWEwWCXDS3+PegPdp4o
NdRKrGnnXkqT5RKObgRwlnukixYAIkhpguhCL1ZDCL7yg8g/2zW7ZRrrIvzBfiZ5
Cj6FZFqK0kQiNmwnw+pnPfBHkGOJN8BYpKzpw+xclOsFXeH/YEy1rpSMl32qYnz8
MDEWD5mgf2zRheP6bNr7TTJmkTUo/InfZmpFVofvl+XoC+cqEh4VyUrxCatRT1np
bBRu+YsmOkDeLSnXH0LcZbHNq7FfMDbsyfNrQ6V5T3FJFs5vzWnqJ/MbzUjajOba
cQ1VnycEaM73zHkPUuo27RQ/TCecOwbT1+PYjNlEccfrz4/YtSLMLPx02QrMeZAJ
tKWrAkCAfKfMwuxy6uuRcTq3oLj2LmFQyxL1tDrBagr5zz7pLKyyBO6p2sj4axAg
ssvZnigW
=mKWT
-----END PGP SIGNATURE-----