Contact: mailto:security@mcb.dk
Expires: 2029-12-31T23:00:00.000Z
Preferred-Languages: en, dk
Canonical: https://www.mcb.dk/.well-known/security.txt
Policy: https://www.mcb.dk/privatlivspolitik
Policy: https://www.mcb.dk/hubfs/ISAE%203000%202024.pdf


# Bug Bounty / Reward Statement
# -----------------------------
# MCB does not have a bug bounty/reward program and will therefore not offer paid bug/security rewards.
# We might however offer a token of our appreciation to security researchers who take the time and effort to 
# investigate and report security vulnerabilities to us.
#
# In order to receive a response from us, please ensure that your report includes:
# - A clear and actionable recommendation for remediation.
# - An assessment of severity based on the CVSS framework.
# - A Qualitative Rating based on the CVSS that is above 3.9.
# - Findings that represent actual vulnerabilities rather than information that is part of reconnaissance
# - A sterilized Proof-of-Concept (i.e., a video, screenshot, defanged URLs) that does not include executable scripts or live links.
#
# Best regards
# MCB IT Security Team