A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must therefore be easy to find through a simple mechanism: a security.txt notice.
# In scope targets
In-scope: *.domainesia.com

# Out of scope targets
Out-of-scope: DNS alias on *.domainesia.com to third party services, e.g.
- myid.domainesia.com
- dns1.domainesia.com

# Out of scope vulnerabilities
Out-of-scope-vuln:
- Clickjacking
- Social engineering
- Denial of Services
- Brute force
- Rate limiting issues
- Self XSS

# Our security address
Contact: abuser@domainesia.com

# Our bug bounty program
Contact: abuser@domainesia.com

#
# Terms
# - Currently, we only process high-impact security vulnerability, due to our workload.
# - Do not exploit a security issue you discover for any reason other than for testing purposes.
# - Testing security issue must not cause disruption and privacy violation to our customers and our services.
# - We give money reward, discount code, or account balance with the amount based on the security impact to our business and your report quality.
# - We do not process duplicate reports, including from prior internal investigation.
# - Upstream softwares issue is out of scope, unless it's caused by misconfiguration.
# - You give us reasonable responding and fixing time before publicly disclosing our vulnerability.
#
This policy, crawled by Onyphe on 2020-06-02, is sorted as securitytxt.