A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:security@intevation.de
Contact: tel:+49-541-335083-0
Expires: 2026-01-28T00:00:00Z
Encryption: https://intevation.de/.well-known/openpgpkey/hu/t5s8ztdbon8yzntexy6oz5y48etqsnbb
Encryption: openpgp4fpr:804FED63730227FF2FB6D9712EA2477380F3EDCB
Preferred-Languages: de, en
Policy: https://intevation.de/.well-known/security.txt
Canonical: https://intevation.de/.well-known/security.txt
Canonical: https://intevation.net/.well-known/security.txt
CSAF: https://intevation.de/.well-known/csaf/provider-metadata.json

# Security Policy
# ===============
# 
# Thank you for reporting security issues in our services or products.
# 
# We typically investigate the case and may or may not contact you to
# confirm it or to explain why we do not consider it an issue.
# Response times may vary.
# 
# 
# No Rewards, No Hall of Fame
# ---------------------------
# 
# As a matter of principle, we do _not_ offer financial or other rewards
# for valid reports. In the past, some people made an effort to scan our
# public services with the expectation of being rewarded. The high
# number of false positives made the entire process unfeasible.
# 
# We strive for the internet to be a cooperative place that we all share.
# If we notice a security issue, we will try to notify our peers without
# compensation, hoping they will do the same.
# 
# 
# Privacy Policy and Imprint
# --------------------------
# 
# See https://intevation.de/imprint-privacy-policy

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEgE/tY3MCJ/8vttlxLqJHc4Dz7csFAmebj6cACgkQLqJHc4Dz
7cuAVxAAmbEEjDUFOdzjDy4y3GyWyL279YeedxymubQti5kd22C22w+OVpAG4ViD
ga4/jBaJTdbZC7fZgjGxDMhkHrdZneM3I7L4kLsY2Zm6l2QkvDcqF/2rOerSMDZg
f9EtPGV0oO1h12eoiTRRTB3DUpuUHjfyY9BDoEsil9a/IXz8i6wlpQWSSybcT5TX
csCROtSeURyf+73AskWC1RZGDjHYTIkFfyYTvqtMyIv3KmVBi+Y+NwqXozTr5zBF
gJ/EtyCzdclVVFOizBUJ4HuB39aIjwh90UYzzoXd5NFmA/i6aZFhFyOqaul2+kLs
NX/TejZQImCOQwYbMJro2uaPIIW4VUnBaA6Ivu37U3x6vg7pkIetPQNNfM/MWSeq
jaJ/HEMpgooErY0yOYurUB5c7WYy5f+ILrFZaRZALxXiVDMHqQwsb7gYGPyS5ylI
BnOhLcOXUiRZ5P14mcq3rmVjt3MDLmcrz8DsTEO8xSzmmYFiyQzT8gHa0PwVS5y1
o8CABzIyoWt+WNuGwLjOW+mpMLw6vFbY2uY1x30N47hDp//W5lfofU+VepZGcIM9
9VlSXAu6KxikP1muDvRy+cZKGMOWgp9vHfmuthUYJxckLyT1m14EbKxpcBFQor6I
Rf6pUHUowYQtFw0BEST2yhSw3bEMFs4Uy1Gcizct/MHc4TcnE+8=
=fc/W
-----END PGP SIGNATURE-----