A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# For security issues related to Amazon Web Services (AWS), please see our security policy

Policy: https://aws.amazon.com/security/vulnerability-reporting/

# To contact AWS regarding a vulnerability

Contact: mailto:aws-security@amazon.com
Preferred-Languages: en

# We support PGP encryption

Encryption: https://aws.amazon.com/security/aws-pgp-public-key/

# This file expires every 365 days

Expires: 2024-08-171T12:00:00z

# We're hiring - join Amazon Security!

Hiring: https://www.amazon.jobs/en/business_categories/amazon-security