A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: https://www.atlassian.com/trust/security/report-a-vulnerability
Contact: mailto:security@atlassian.com
Expires: 2023-03-06T00:00:00.000Z
Encryption: https://security-static.prod.atl-paas.net/atlassian-security-public.asc
Preferred-Languages: en
Canonical: https://www.atlassian.com/.well-known/security.txt
Policy: https://www.atlassian.com/trust/security/report-a-vulnerability
Hiring: https://www.atlassian.com/company/careers/all-jobs?team=Security
-----BEGIN PGP SIGNATURE-----

iQJLBAEBCgA1FiEELDj8C8lOTzpbVRHjBln3vJPyrugFAmOHzvYXHHNlY3VyaXR5
QGF0bGFzc2lhbi5jb20ACgkQBln3vJPyruheQQ/+JRxyd3aiMW9Pa/1bE3dx7v8b
4Ollz6ozzcMIA8GvEZ1U2Ib/XmIcDyoleLRJShymGnpMvzqrYLssidlqjU3bmQIz
8p890pbZkz6pdp62QWTX9w3dYh2jFZWJRsFmEfS2U3OLnSjefWvYWEgSHceCUZmx
5SlVvAW0Y3javwoxey4b+wFLe75yCiT5MCYNpuokcQ4MoCDUE6AYo9wJ+S8AfNeg
Y6nBn7L9v1ufSCvMsnkBb1e5uYJmr8R4TPT/t4S/QGWgQv08TPGpfhb1wXoytZaD
yw85zQ91cTXFs5uZ7y349gsyT0QiyDL2c5KztlROp2feEO0lBnV9pqw/BDV+SdNX
xWeGhCeRO8I+SkhUl3pLU6ujKJH6ZKW5f2gtPWjLPOl7AJ9DnxnsRQMlakV8SIcG
92oDphd3WWG7OyRVfleuqouwyLt+5WavxPOY0QL/HX45Qb2gk+6KqWNucbdJQY1s
kHk81+/2ZGdgdIIzhTL2s7ngWuw3GKyVS0HhvcNnYIU2eqeYqDyz0fozqt3p39Dm
Oqdqx+8A+Z7UzH6RugqtQE1YnABU1ZrvFD6IAZkhXbIFB9R//zzKMTIFtYpKv4YE
qkRNt8zoPPC60xW+5n8zn0+yhtt4gGU+7FEkYH98AYRd6ONIsbOaZmVD+vYx/gwT
vUysqGCvfX9dRTf1iOs=
=FcYF
-----END PGP SIGNATURE-----