A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# In case of security inquiries please contact the
# BSI AG Computer Security Incident Response Team (CSIRT)
Contact: mailto:abuse@bsi-software.com

# For vulnerability reports please contact the Compass Security Bug Bounty Team
Contact: https://bugbounty.compass-security.com/bug-bounties/bsi-software-bug-bounty
Policy: https://bugbounty.compass-security.com/bug-bounties/bsi-software-bug-bounty

# Open positions
We are hiring in security operations and other tech positions.
Visit https://www.bsi-software.com/en/careers or give us a note.
Are you smart enough to breach our application? See you inside :-)

Begins: 2024-02-01T00:00:00.000Z
Expires: 2025-02-01T00:00:00.000Z
Preferred-Languages: en, de, it, fr