A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:csirt@siemens-healthineers.com
Expires: 2026-01-31T18:29:00.000Z
Encryption: openpgp4fr:2F6F10718296C3D83CCCB39837F821AADDEA88B0
Preferred-Languages: en
Canonical: https://www.siemens-healthineers.com/.well-known/security.txt
Policy: https://www.siemens.com/global/en/products/services/cert/vulnerability-process.html
Hiring: https://jobs.siemens-healthineers.com/careers
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEZCVcFTpw/e3mo5J6MEkFjcQsa6wFAmeA3vAACgkQMEkFjcQs
a6yoPhAAlpBB3EtEvRHgFp0/7kUfN/+AyR31EFJpvMrpYdSnEEf7eTqgLeBBVE7O
zD/YIU4fPlY+t1BhZiSR42tE+2Rs45ECSX10GnSn/CRTVT2vqMTJnOfzkQzv5En2
nWj5m79Ft8H6IR5lzs5fdRc0JABgElvPp5tJIdJjrBgULaPpEDV2PmSKJlj3M5V3
O/pHwjDcrt+NNJSTovYMJbJkZj4bQao7Gun4Xj78LmuIWiJIDZFK+FNKVNQJDC8B
MDbgdHEloXI8WcvMhi3FFSxgfXgDavhuLBzHLMAIunYuFZMbyZ21XcDdV4WtFpWE
ZBu9FVHOf/x5ysImB0N8CXJ+ca0MOBRhI0xnTvI1zKzl6itvrNWAL1wHmpPlEeZ8
/u/GzInjIyKym96HG8VTTpn8GPGX1xm3VVfFm2MQ9AVxp/JdhX5XY7X33yKWZj5L
Bv+NmrGgjcWdvk5yEaxb0wIUROfx+dMThIMuqcjISSFuu2RCqNDRSCXvyCwO/RSI
bYdQBq+1UGOHFntBd7s8K1BOL8EnfMW+nXZSzGitsCY2rD8KEP5tgPK8wl2uGiLQ
x+0reja+n0YP43uvJ15U/H6rIkmlT0H1+/wkPoYxLqscmzfcrT50YGqsAXiZEMiN
9ayLsT18tW2elqfQALF1P49Zxka2pc8eDWEvpDSz+m0iwiXBWac=
=I3PP
-----END PGP SIGNATURE-----