A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organisation will handle reports of vulnerabilities submitted by ethical hackers. A VDP must therefore be easy to find through a simple mechanism: a security.txt notice.
# This web site is managed by NitroSell; we always appreciate responsible/ethical security disclosures
# We are a small company and do not have an official bug bounty program; at the very least, we'll arrange some swag or a payout that depends on severity
# If you would prefer to discuss by phone or online meeting, we are happy to do so
# Thank you for helping us out!
Contact: email@example.com
Encryption: https://keybase.io/donogh/pgp_keys.asc?fingerprint=7cf4f2e947af1fb42318d83bcf07567bd523c9fd
Preferred-Languages: en
This policy, crawled by Onyphe on 2020-07-16, is sorted as securitytxt.