torproject.org
A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 # Canonical URI Canonical: https://torproject.org/.well-known/security.txt # Our security address Contact: mailto:security@torproject.org # Our OpenPGP key Encryption: openpgp4fpr:835B4E04F6F7421104C4751A3EF9EF996604DE41 # Our security acknowledgements Acknowledgments: https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/TROVE # For tor (the network daemon) see Policy: https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/SecurityPolicy # Expires is required, formatted according to [ISO.8601-1] and [ISO.8601-2] Expires: 2026-12-15T18:00:00z -----BEGIN PGP SIGNATURE----- iQITBAEBCgB9FiEEg1tOBPb3QhEExHUaPvnvmWYE3kEFAmftMEdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDgz NUI0RTA0RjZGNzQyMTEwNEM0NzUxQTNFRjlFRjk5NjYwNERFNDEACgkQPvnvmWYE 3kFv0wv+N5rg2zohSVrfsAsUgL2iN3Qp1/qzZ2zqXw8p+r0CSd6b1R1610IgIK0k TODW6xTgklRDbxCYY35fn8m56bGvtZ8RAiMiSc6y2IqKaO34TBZrxGQ0VvXxsW9R cZ8/tkBZDNUoblWuTXzkJj9fuPsOCD1pETNdZ2ivRAyeLvinnXIBEU+tQXkVHyrZ E8He7BJ7f5EqRfTSqXcPWUv5NTBj7hdnlYHu2qOk7q4h7kjjmicvzMhdj/gYlbvZ ztTWZdwZxa4hZKeJWDsLpcx40KnYVAcE7XeNrnkl85Q4tjD35MtEA+XT76CdFjKE 5kP3xrOCLbHp3gMU7s6VhpHJA0DJqsgA9IyeZKFZTdT/VYkq3Reyoj2GJNs9Xbp6 GBKB+ChsUgUrCrcnhviRxHSnxWjpajxqtRGrKb6Y7+Lm2ElpP2wZmz4fkAKVra3v dLCXP+KKhjizfk8EBfj9TO7QEhjV0/vm3ST8eOb4OJPtyy30Fn9+3342oMGLc50i S6siz/x4 =tMhK -----END PGP SIGNATURE-----
This policy crawled by Onyphe on the 2023-10-01 is sorted as securitytxt.
FireBounty © 2015-2025
