A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

Dear Researcher,
Thank you for taking the time to find this file. Below you will find information useful in the context of reporting ocado.com security issues. Please keep in mind, we accept findings related to the Intigriti Bug Bounty program and only via the Intigriti platform.

# In-scope security vulnerabilities reporting and policy:
# (Keep in mind this program is private and you need to be invited by intigriti team.)
Contact: https://app.intigriti.com/programs/ocado/ocadoprivatebugbounty


# Vulnerability Scoring stadard
https://kb.intigriti.com/en/articles/5041991-intigriti-s-contextual-cvss-standard

# This file was served via:
Canonical: https://www.ocado.com/.well-known/security.txt

Preferred-Languages: en
Expires: 2024-11-30T23:00:00.000Z