A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# Dotdash uses a private HackerOne program for responsible disclosure, please contact our Security team for an invitation to the HackerOne program.
# Occassionaly, a request for access to the program may be rejected due to low hacker reputation, negative signal and/or code of conduct violations.
# Please include ONLY the following details in your initial message.
# - Vulnerability type
# - Severity score
# - Domain of the website
# - Your HackerOne username
Contact: mailto:security@dotdash.com
Preferred-Languages: en