A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA512



# Our address for submitting a report

Contact: mailto:security-report@d-fine.com



# Where to find the security.txt

Canonical: https://www.d-fine.com/.well-known/security.txt



# Where to find our PGP-key

Encryption: https://www.d-fine.com/.well-known/pgp-key/security-report_public.asc



# What language to use to contact us

Preferred-Languages: de, en



# Where we will honor received reports

Acknowledgments: https://www.d-fine.com/en/vulnerability-reports



Expires: 2027-12-01T00:00:00z



-----BEGIN PGP SIGNATURE-----



iHUEARYKAB0WIQTB4VDsoY/Y7Lh9turhPfQz/PLp8AUCZ/OmcAAKCRDhPfQz/PLp

8GNUAP91wdNiPCTAxnvSE0NsBYZ6r1mLMZL7HltN7Hwt70s8BAEA4LQIqTef+7CT

JSuH3HjJ5AO9y6sigkxj4NaWtBhD8Q8=

=f8s4

-----END PGP SIGNATURE-----