A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# We are always interested in receiving reports for security issues that are exploitable.
# We don't respond to reports for already known or non-exploitable issues, automated reports and other low hanging fruit.
#
# If you find an *actual* security vulnerability then contact us and tell us what it is.
# But if you've just run some automated tooling, found something trivial then reached out with the expectation of cashing in,
# you're going to be disappointed.
#
# - Please read our responsible disclosure policy prior to reporting your findings!
# - Don't use automated scanners: Contact us for permission before mass-scanning!

Contact: mailto:responsible-disclosure@tiqets.com
Expires: 2050-12-31T23:00:00.000Z
Preferred-Languages: en
Canonical: https://www.tiqets.com/.well-known/security.txt
Policy: https://www.tiqets.com/en/responsible-disclosure/