A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# In scope targets
In-scope: *.domainesia.com

# Out of scope targets
Out-of-scope: DNS alias on *.domainesia.com to third party services, e.g.
- myid.domainesia.com
- dns1.domainesia.com

# Out of scope vulnerabilities
Out-of-scope-vuln:
- Clickjacking
- Social engineering
- Denial of Services
- Brute force
- Rate limiting issues
- Self XSS

# Our security address
Contact: abuser@domainesia.com

# Our bug bounty program
Contact: abuser@domainesia.com

# # Terms
# - Currently, we only process high-impact security vulnerability, due to our workload.
# - Do not exploit a security issue you discover for any reason other than for testing purposes.
# - Testing security issue must not cause disruption and privacy violation to our customers and our services.
# - We give money reward, discount code, or account balance with the amount based on the security impact to our business and your report quality.
# - We do not process duplicate reports, including from prior internal investigation.
# - Upstream softwares issue is out of scope, unless it's caused by misconfiguration.
# - You give us reasonable responding and fixing time before publicly disclosing our vulnerability.
#