A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# For Coordinated Vulnerability Disclosure

Contact: mailto:vulnerability@bsi.bund.de

Contact: https://www.bsi.bund.de/Security-Contact

# Our OpenPGP key for vulnerability disclosure

Encryption: https://www.bsi.bund.de/CERT-Bund-Kontakt

# For BSI related Security Issues (Incident Response)

Contact: mailto:certbund@bsi.bund.de

# Our coordinated vulnerability disclosure policy

Policy: https://www.bsi.bund.de/dok/schwachstellenmeldung

# Our security acknowledgments page (Hall of fame)

Acknowledgments: https://www.bsi.bund.de/DE/IT-Sicherheitsvorfall/IT-Schwachstellen/Hall_of_Fame/Hall_of_Fame_node.html

Expires: 2099-06-29T12:00:00.000Z

Preferred-Languages: de, en

Canonical: https://allianz-fuer-cybersicherheit.de/.well-known/security.txt

CSAF: https://cert-bund.de/.well-known/csaf/provider-metadata.json