-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Madrid City Vulnerability Disclosure Policy

## Introduction
Madrid City is committed to ensuring the security and privacy of our citizens and their data. We recognize the important role that security researchers and the broader community play in identifying vulnerabilities in our systems.

## Reporting a Vulnerability
If you discover a security vulnerability in any of our services, we encourage you to report it to us as soon as possible. Please send your findings to our security team at security@madrid.es. Include a detailed description of the vulnerability, the potential impact, and any steps necessary to reproduce the issue.

## Coordinated Disclosure
We follow the principle of Coordinated Vulnerability Disclosure (CVD). This means we will work with you to understand and resolve the issue before any public disclosure. We request that you:
- - - Allow us a reasonable amount of time to address the vulnerability before you disclose it publicly.
- - - Avoid exploiting the vulnerability beyond what is necessary to confirm its existence.
- - - Refrain from accessing, modifying, or deleting any data that does not belong to you.

## Our Commitment
Upon receiving your report, we commit to:
- - - Acknowledge receipt of your report within 5 business days.
- - - Provide an estimated timeline for addressing the vulnerability.
- - - Notify you when the vulnerability has been resolved.
- - - Credit you in our Hall of Fame (if you wish) for your contribution.

## Safe Harbor
Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you for activities conducted under this policy, we will make it known that your actions were conducted in compliance with this policy.

## Conclusion
We appreciate your efforts in helping us maintain the security and privacy of our systems and services. Your support is invaluable in making our community safer.

Thank you,
CCMAD - Centro de Ciberseguridad Ayuntamiento de Madrid
-----BEGIN PGP SIGNATURE-----

iQGzBAEBCAAdFiEEddUSSmQg64JkQtzSOQvXE38boNsFAmglbo8ACgkQOQvXE38b
oNtdEgv+J0m/2roOdKAWmYNMuFG8RF1YrMGtFWJ9eyL4ZVuwb129NY49U6UrfXtp
RLK1n/aI+1Q9Ka2p1aqBb8+1bH3H9oL9Mq+m3hvSomaXn9pXt19t8ZFS1hYw08IJ
wIF1TjxNxJ/h6cSkIqUNBsFch4LTybCgUeAnq15uk3XGctXL+wYyQS8fZhO0RcHg
Xd/s5AJzcoL4yJCEBnsrxtXG5xvGDLuRaPLxMwDBUZ+SifSwWKfxNm1Kgk19VvIG
zp5FyBVfiVvlTrgUZEsA+PLZE1HW8wW6v/pkSL7pRzoHezzAGoFDXN2852teBe5f
cB5HbW/fLMNATO0lSLI8xSw5BILDNKBE8PPXtcbAsw1Jh5w0Xd/zudNEm+okGPZM
sFGRK72C92wLGo2i+Ux0mxugOkldw50dmKbp5dKu4Hu02gQx3i75NvyleMutQ+cC
Y33ND9A647VOduMisBPv9LS8vGuWLh5qc/MGoNQ9sUCTqAarzLHcjbEYSMfoXoMn
MOeXvEeY
=f0+L
-----END PGP SIGNATURE-----