A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

Greetings! Thank you for taking interest in F-Secure! The security team appreciates your interest and time in reporting security issues to us.

Please use the information below for getting in contact with our security team.

For reporting vulnerability, security or privacy issues, please use the following contact information and PGP key:

Contact: security@f-secure.com

Encryption: PGP Key Fingerprint: 0772 297E CA47 2544 2429 1FCD D5CD 4C07 67EC 2598

Preferred-Languages: en

Found a bug? Our Vulnerability Reward Program and policy is here: https://www.f-secure.com/en/support/vulnerability-reward-program

Security advisories: https://www.f-secure.com/en/support/security-advisories

Source
Canonical: https://www.f-secure.com/security.txt

Expiration date
The current vulnerability reward program will end on 31st December 2024 T11:00:00.000Z