A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# Greetings! Thank you for taking interest in WithSecure! The security team appreciates your interest and time in reporting security issues to us.

# For reporting vulnerability, security or privacy issues, please use the following contact information:
Contact: mailto:security@withsecure.com

# See the details of our vulnerability reward program:
Policy: https://www.withsecure.com/en/expertise/research-and-innovation/innovation-programs/vulnerability-reward-program

# Find our PGP key via the "How to report a vulnerability" information in the link below
Encryption: https://keys.openpgp.org/search?q=security%40withsecure.com

Acknowledgments: https://www.withsecure.com/en/expertise/research-and-innovation/innovation-programs/vulnerability-reward-program/hall-of-fame

Preferred-Languages: en

Canonical: https://www.withsecure.com/.well-known/security.txt

Hiring: https://www.withsecure.com/en/about-us/careers-at-withsecure/open-jobs

Expires: 2025-01-01T00:00:00.000Z
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE6RTvAjZx36yg2Nw9tGfa7NeNZg0FAmWztocACgkQtGfa7NeN
Zg1l/RAAoC8JOJNZaLl8xr+AKoKq6Vio7Lar67cN0+tlXcO4e95sosdYDcmG4K+B
mvu7Xelsdxe7EB6VxT+3UfnvkveD2J1KfJTBX2JUrzlo6q2I2bIAfytq+QhzoWCG
/ogHlY2UkjWVAN+0sZdHt+XNZIwZwAfg4dUfLm/f5LKlVWZz9lSJEmO4Ib3bjKNx
nxxe7OodalThqeK3hYBHNhZEa1KcASPssth3G3l5dswMlsjRuD6558omHFBEz+RH
6ZmtfoKA30IDCgDpZGOP9O2ITke/dls4MPgH2zcEgYP7DIxbHQBXmWOiDXm8REJO
Q5n1BfaDNwRBGj2szXC54orFEfw/7Cahj8UQ96mqIoerqdbkSse0ktKQk7kuduOY
G6Z93g5jfr6l5q0EbkR9oCJ7J2g/gzO6FqXXLZMVaoOjWw+VtqYFbfEg5OkIw+Uh
iXTszzebLwYxC0ZmzSXWoOIymMrv9lSzJWCCHGBCX1rH+76y3qyCCUpDFkkP7iHh
qqCBnJcj8lcGJY5hNEUOQrJlYSJ0t8gRiwP0fyKx/wnE+8Gee6w7HBqkgtXtaxbK
/8UaOpvuCp0dlRDVzRPEeZ1XNlPe3Reb11slmNrKXocTKsWkmDGxiwmpi/BCoaiW
e4s9To9zS6w14FGvs3QPKaYgmvCblNPbh5wHnxo/efxHA0110M0=
=o0YH
-----END PGP SIGNATURE-----