A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# For Coordinated Vulnerability Disclosure please contact the mailbox below.
Contact: mailto:it-security@symrise.com

Expires: 2025-01-31T23:00:00.000Z

Preferred-Languages: de, en

# Canonical URLs
Canonical: https://www.symrise.com/.well-known/security.txt
Canonical: https://www.diana-food.com/.well-known/security.txt
Canonical: https://www.symotion.com/.well-known/security.txt
Canonical: https://www.tesium.com/.well-known/security.txt
Canonical: https://giraffefoods.com/.well-known/security.txt

# Encryption Public OpenPGP Key
Encryption: https://www.symrise.com/.well-known/public.pgp


Hiring: https://www.symrise.com/your-career


# Scope and Guidelines:
# Vulnerabilities found on our Domains *.symrise.com, *.diana-food.com, *.symotion.com, *.tesium.com, *.giraffefoods.com
# Do not use the following methods: Brute force,Denial of service (DDoS),Injecting Malware, Social engineering (e.g. phishing etc.), Corrupting Data, Any method that would disrupt our services.
# Provide us with a reasonable amount of time to resolve vulnerabilities prior to any disclosure to the public or a third-party.
# Within the framework of the legal system, we will consider activities conducted consistent with this policy to constitute "authorized" conduct and will not pursue civil action or initiate a complaint to law enforcement.
# Currently it is not possible to provide any payment or any kind of bounty for any found flaw in our systems.
-----BEGIN PGP SIGNATURE-----

iQGzBAABCAAdFiEEe++NPeUdKvIQgmk1nAU2Y7L7BSAFAmW4qT0ACgkQnAU2Y7L7
BSBOZAwAyq8dvc/jq43ziL+GmZ7YvjJBcQHKLzQKz2WoicAXUc6Gqeorc6Hk8xpb
ffsexxfgDMZGzxkzYjSEGF4SuHsmo5V9R8qxxeVLqpp82Keqd/7HQt20RIpt/Djd
/b7gwp5N8C7npc0E0p0hSlpey3jMonUtDq9r1+W1fnMO+vO+HiFF5Iy6oQQoPNU1
X3B/SSXeShLGX3SWCvoljSGiCHlSjypxwDszekRfsXviXYOsCr6XeqBBdVk0DZsz
6EsHTU3LeNjqWfSKY02Qmhi937fJaArZe/7rVPJ0qp0DvIELiGV/WJ+P0QTPgjga
fh/6LH4K67fXx0n55aK7ccOu9rOgPrhRLAlGl/cXBeiWq95h116GeSMnbGsgUaIB
VuU85+bcCkDDCH7Jd27sadeAmN27qE899QkBM9AEy/1jBbRXWNiW1Gxd1Gda0NoP
hqwBqYuSYYoePgNPo+BkrRNrkTPWe0P3FVO+jdHvh3xZx4EGzZMVz8kXudQChbK/
4K1gEI8o
=JDJ2
-----END PGP SIGNATURE-----