A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# Security Policy for Sim
# https://securitytxt.org/
# RFC 9116: https://www.rfc-editor.org/rfc/rfc9116.html

# Required: Contact information for security reports
Contact: mailto:admin@hivecommand.com

# Required: When this file expires (ISO 8601 format, within 1 year)
Expires: 2027-03-02T03:53:50.571Z

# Preferred languages for security reports
Preferred-Languages: en

# Canonical URL for this security.txt file
Canonical: https://hivecommand.com/.well-known/security.txt

# Link to security policy page
Policy: https://hivecommand.com/security

# Acknowledgments page for security researchers
# Acknowledgments: https://hivecommand.com/security/thanks

# If you discover a security vulnerability, please report it responsibly.
# We appreciate your help in keeping Sim and our users secure.