A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: https://bugcrowd.com/afterpay

# If you'd like to encrypt your message, please do so within the the body of the message.
# Our email system doesn't handle PGP-MIME well.
Contact: mailto:security@afterpay.com

Preferred-Languages: en
 
Encryption: https://afterpay.com/gpg/security-afterpay-public.txt

Canonical: https://afterpay.com/.well-known/security.txt
Canonical: https://www.afterpay.com/.well-known/security.txt

# Search for Security
Hiring: https://block.xyz/careers

Expires: 2025-03-05T23:10:55.018Z

-----BEGIN PGP SIGNATURE-----

iQJKBAEBCAA0FiEE9NnbT16sf/T048cEy1Dj5F7WreIFAmXnppIWHHNlY3VyaXR5
QGFmdGVycGF5LmNvbQAKCRDLUOPkXtat4qlnD/9pe/MWxD7WPBXfZwEek0jfUOyu
plavkNt7ZRqPP/j109AY6hhKl/ulHjwBbKUnV/Op24G5ar+zicwulf6D6qQf+9co
12ilbnhUaVA4qwb+a1T73FPASmB6hrmug2WfC2X6lT9uVPfSQgMAmztMYPqKg7z+
deHHeYLIVkrzqH4EVCRsEykRH0N3nWxmLvJGwww/RTuIcJLZgvSQsJpt+bknSTs1
ayjoAKaPAEEByRNGyqbd/NPJB086xmXyCXqbqfEOhnttmLBG7Zny3Qw0UykT72/G
dqxrOt8D7ByVca01vbkYCAtyyNzjXNm/BKhD4Uy2HJe4bDXJz+oyqyfOa6VWGbO1
3AfTUWbH09lbB7Jy/CuHStzWTdsr3w1vVB14hMWTmPS3SR9BFsRAdYFvlxfM/SJW
DftslQ+cKhukcS5ZWwq8B7xAnSHzRiF2ljXC7aapG2K4E2TltvWZc41CsortOfm0
TwoV9N43qTxhpiOe7+aAXexg/Q1pfaDjMhRqh+OX2tWes66vR5URxbVFTGnl9Gna
rFlOfQyLciSzJ3DFpMdVRia3XeQb+55PuPVnzZCv5pHHQFl2SGaEus4EBijd/O6m
DqfONOo+X6tyYqeYbI27ZlK83cP6dWU3vSgutwTFOQMw1/9cXBcQpNXR60Ym2/sf
0PxVGZ7sJDUOeBeftA==
=ysPO
-----END PGP SIGNATURE-----