A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# In case of security inquiries please contact the
# BSI AG Computer Security Incident Response Team (CSIRT)
Contact: mailto:abuse@bsi-software.com

# For vulnerability reports please contact the Compass Security Bug Bounty Team
Contact: 
https://bugbounty.compass-security.com/service-details.html?id=12
Policy: 
https://bugbounty.compass-security.com/service-details.html?id=12

# Open positions
We are hiring in security operations and other tech positions.
Visit https://www.bsi-software.com/en/careers or give us a note.
Are you smart enough to breach our application? See you inside :-)
Hiring: https://www.bsi-software.com/en/careers 

Expires: 2026-02-01T00:00:00.000Z
Preferred-Languages: en, de, it, fr