A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# Please report any security vulnerabilities to us via the contact method(s) below.
# Please do not include any sensitive information in your initial message, we'll provide a secure communication method in our reply to you.
Contact: mailto:encarregadodedados@facil.com.br

Preferred-Languages: pt-br, en
Canonical: https://facil.com.br/.well-known/security.txt
Policy: https://facil.com.br/privacidade.php?L=1
Policy: https://facil.com.br/politica.sgsip.php?L=1
Hiring: https://facil.com.br/vagas.php?L=1