A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# WARNING 1: Automated downloading of this file (including bullshit research bots) will quickly get you blacklisted.

#            And no... "opt out here" is not how any of this works.

#

# WARNING 2: Probying ANYTHING (ICMP, open ports, TLS parameters, software details/versions) on this server will get you blacklisted and reported.

#

# WARNING 3: We have an absolute ZERO TOLERANCE policy for spam.

#            Any email sent to the address below that only remotely smells spammy, will get you blackisted and reported.

#

# Lists of known offenders might be made public.

#

# We do not care if you consider yourself part of "the good guys". These rules apply.

# We do not care what you think about them. They will especially not be discussed via email.

#

Contact: mailto:support@gkware.com

Expires: 2024-12-29T23:00:00.000Z

Preferred-Languages: en, de