A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an origanisation will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifable via a simple way, a security.txt notice.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 # Thinking you found a security vulnerability? Let's talk and take a responsible disclosure path together. # When submitting a vulnerability report, please always ensure to provide at least *precise* and detailed steps to # reproduce all described attack scenarios. Additionaly, screenshots, samples, scripts, ... are all helpful. # Without precise information, we won't be able to qualify the submission as an exploitable security vulnerability. # Also, please be realistic: bugs requiring exceedingly unlikely user interaction such as entering manually an # attack payload, going through forged third party phishing pages, etc. may reallistically not meet the bar. Contact: firstname.lastname@example.org # Sensitive information require adequate protection, and cleartext in email body does not serve that objective. # Therefore, please always encrypt your vulnerability report and provide it as an email attachment. Encryption: https://www.backmarket.com/.well-known/security-pubkey.txt Encryption: https://pgp.key-server.io/download/0x5EDD605BB8F4C0DD Encryption: openpgp4fpr:2cebfa0bd82d37009ab2add25edd605bb8f4c0dd # Back Market is continually looking for new talents, this might be a good opportunity to reach out! Hiring: https://jobs.backmarket.com/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEM0AoSC3WoeoDXg9ozIAzZvbJkrgFAl7cBWcACgkQzIAzZvbJ krhZfw//RTGlsEKjz78e3YbkU1f0atieNVGmqQTbqHGmGTCplImkd42Lf4hU1rnI KVbAiFgXv/AJAbNcOTupUfSjcLfQD9GcyCsZcKk5g/qzo78WC2G4ACX2ITloFf82 tPq79OYVwcQGGvOe2Xi6Lp/p1y3oyZK4LNDqDmJEQCPfQ7oOZmQpd3HMYazeY/Da cc16zNh8x8vB0zpR61T8Bbbo6zg244WndaNMshGV0fgkgenngZqQ+KBp3I7LqTDc wFQDFCl4c9vAMDZSxxKhr9Ziu0BdXUu/6D+U3+2qi9NolZcIQjzqJm96Xx3NZ878 ZCdqMVWvS1GWXUZW9jKf22AitrcWOa58KbwXgeg1WQA8OGT8Ex3cvaGsT9ejwFgp x6LKW0fFBuTGc/UEfJZ2fn7En/GBQg1ZcCmG/l8a4n4zJXub10tbHEinyQHCylzW 7ee1oesF2gUV6KmsHLfHSLo7EuJgMRQV5WXnsReuj0EMv72Qc6I0Z76E4ISMqDDh X+/RzYWqcb7QinKxOgiwm8frG++yuISbc38zAo45eLoPzh4LtlP3bynyCQFpLqGd C4Mi4mwxmh45FVjaBYVzPd0Hj56ga66Gx5mw1jyoFJBwOEaKmlTeLqB4AW5QtBr3 E7EMlBXLdZVqhecAL02A121akGHB/H6EcT+afuQF4W43RAw7FLU= =VVVO -----END PGP SIGNATURE-----
This policy crawled by Onyphe on the 2020-06-18 is sorted as securitytxt.