A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# UK Ministry of Justice (MOJ)
# Reporting security vulnerabilities to the MOJ

# Please read our disclosure `Policy` before testing systems or reporting issues to us.

Contact: https://hackerone.com/c532d916-6529-4495-a241-eb7431cfd134/embedded_submissions/new

# Our disclosure policy
# By submitting a potential security incident to us, you are implicitly accepting these terms - please read this before submitting:
Policy: https://mojdigital.blog.gov.uk/vulnerability-disclosure-policy/

# Our acknowledgements & thanks
Acknowledgements: https://mojdigital.blog.gov.uk/vulnerability-disclosure-policy/thank-you-to-the-security-research-community/

# If you’re interested in working at the MOJ (including in our cybersecurity and privacy teams):
Hiring: https://jobs.jobvite.com/justicedigitalandtechnology/jobs

# Please see https://securitytxt.org/ for details of the specification of this file
# H/T to https://www.bbc.com/backstage/security-disclosure-policy/

# <3 MOJ Digital & Technology Security & Privacy team
# Read more about the MOJ https://www.gov.uk/government/organisations/ministry-of-justice
# Read more about MOJ Digital & Technology https://mojdigital.blog.gov.uk/