A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256



Canonical: https://www.medel.com/.well-known/security.txt



# Email address to report a vulnerability in a MED-EL product

Contact: mailto:productsecurity@medel.com



# Email address to report a vulnerability in MED-EL's web site and web services

Contact: mailto:it-security@medel.com



# OpenPGP Public Key

Encryption: https://medel.ent.box.com/s/nmxacakolhxquntym5el6he1e8jjfd70



Expires: 2026-10-17T22:00:00.000Z

-----BEGIN PGP SIGNATURE-----



iQIzBAEBCAAdFiEE0IlR0+Odd4As8ImkN4zypIiaNS4FAmWBVmoACgkQN4zypIia

NS7tgxAAlA1tPQj4+IIMK0xJEKZAyhQ5uc61pCSsrjfH0Ejnavp8svPDx9Wg/kDT

QfaFp159ZZ2PNkSsx/YCzgs2uBTK15shOkegrHlGZ+l7y1QwHRKMDi7lOI8bUTPv

zi9lBgSmJuMmhG7RYB+8E8ywUUeE7iwFwfDPAvRvlw0/ocdfUZsjmZiXolV/pOqL

00yTfcHERxnFwdr7COO0bspR2vBBnwq85gt14XLO/7LXUXlHTKaw40Ef+pPLlqEo

aDFYf8vsJEAoNiLZRzgnSReCOc8vHh9rTqYLztjWF6Yzz+2u674k+YINVApOe6fX

IDYbu4cSrP2Hp2YO7BNIXywPZRXF8S3h/xQO843DLOBRtngza99gPKNTeaX31jl/

HxJXXWOM4+rFFbv/q5KUBXUcbJUkZWKMnmMfvEqZdOmZ+E58ScqwUI7OVnp0VdW+

JULdjgZzKwJRyEhjeCKSXZ6Wlm1nemyx6EdAMBTyuDvsWZ0uv6e3pgFaGTa/HtqS

L+m7+75nVJe2uwD0MnuWsoNOTM3dAw58ez+HcXnLK1ZLdf0Rv/ssOfAzGQs+BHy9

DMs3GjRuNQQfoHTZiPSHX1ihSl/UJsZvgnZHZ+OnKktKmhNkiAYWxA8vJZ4WA+zF

pHwyur8qs/Lllxy3lzbj2MgVN42LxpcIbCEQ6Dmkl6aqm4ldhP4=

=Eb7g

-----END PGP SIGNATURE-----