A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# security.txt 

# Security Policy for the County of Sonoma



Contact: mailto: ISO@sonomacounty.gov

Preferred-Languages: en 

Policy: https://sonomacounty.gov/administrative-support-and-fiscal-services/human-resources/employee-resources/administrative-policy-manual/9-2-it-use-and-security-policy

Hiring: https://sonomacounty.gov/job-opportunities



# Please report any security vulnerabilities to the email address above. 

# We request that you do not disclose the vulnerability publicly until we have had a chance to address it. 



# Last updated: 2025-12-16