A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA512



# We do not currently have a bug bounty program and do not pay for bug reports

Contact: mailto:cybersecurity@bcferries.com

Expires: 2025-12-31T08:00:00.000Z

Encryption: https://www.bcferries.com/sec-pgp-key.txt

Preferred-Languages: en

-----BEGIN PGP SIGNATURE-----



iJIEARYKADoWIQTMOUypKLp20gRNN0iEjTmOHWjtZAUCZBuUDxwcY3liZXJzZWN1

cml0eUBiY2ZlcnJpZXMuY29tAAoJEISNOY4daO1kO2oA/RgtrxyX09wSMVmqwKiY

7Wxzq0Rw3AKuXUi1V4+l/uUxAP9XcmbaZ8jXx+BmxRVyKM1yl79UsNMpd3EXENxv

ldStBA==

=R8Wx

-----END PGP SIGNATURE-----