A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

Contact: mailto:sirt@tuv.com

Expires: 2025-12-31T23:59:59Z

Preferred-Languages: en,de

Canonical: https://www.tuv.com/.well-known/security.txt

Acknowledgments: https://www.tuv.com/security-acknowledgments



#######################################################################

# Private Bug Bounty Program on Intigriti

#

# As an alternative to reporting at sirt@tuv.com we also run a private bug bounty program on the Intigriti platform.

# The scope and policy are described in detail within that program.

#

# If you have discovered a potential vulnerability and would like

# to report it using Intigriti please:

# 1) Create or use an existing account on https://www.intigriti.com/

# 2) Send us your Intigriti username and your contact details via sirt@tuv.com.

# 3) We will invite you to our private bug bounty program where you can report the vulnerability.

#    

# We can only payout a bounty if you register an account on Intigriti and join our private program, accepting our NDA.

#

# Please do NOT disclose any vulnerability publicly until we have

# confirmed that it is safe to do so and aligned with our program rules.

#

# Thank you for helping us protect our systems and customers.

#######################################################################