A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# If you have identified a security vulnerability affecting IT resources of SAK - St.Gallisch-Appenzellische Kraftwerke AG,

# we encourage you to report it directly via email or by phone to our vulnerability management team.

# We will triage your request to the appropriate entity.

Contact: mailto: itsm@sak.ch

Contact: phone: +41712265678

Expires: 2024-12-31T23:00:00.000Z

Preferred-Languages: de, en

Canonical: https://www.sak.ch/.well-known/security.txt

Policy: https://sakch-my.sharepoint.com/:b:/g/personal/beat_hug_sak_ch/EdwUOTDYqUlProGZIua3DXQBB5kK6TiLC90hD-OZV9XQdA?e=eWAsZc