A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:security@event1.io
Encryption: https://nprail.keybase.pub/gpg_key.asc
Preferred-Languages: en
Canonical: https://event1.io/.well-known/security.txt
Policy: https://event1.io/legal/security
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEByHXA98wO2GvDAAbReWyn1GrBgsFAl1XUp8ACgkQReWyn1Gr
BgtSLA//UKvuhEAWW0TJU99DYT06Rus6GlG+sCihClAdzeO3ggEXsqE/5tnBlU1H
ul+4cGcuIHEDgYoUtkPTjpmgDQ5WkAEv+e2Pekkkk4O/gVrUiDUKnUsu1srUWU16
8n2YNcoq929kvK18uIn89Mm1ZFdZZIqwRSeGSvq7q2ckehpoS422dPTDPVfWuBks
zeGtjtA2SpyLD7Qx3Tx7Zqj0g2B4uMHB5qEP+QHLv+LcyPqqZ7MxmmYBtotzHFN7
2L5XK+uhY+SsWnvzcUiOuf6lmUvIEDfNDU0Wo395SahDcWBRdNRm9tn5zrlC1enA
WFVZ3yYRK/+fmbpMJ/U+yp6l7z/aY0lpV0p01QRFQZMrMiYb9QvtChyxklgFvOaG
CINQFOjSbLLsH69n2LuHdcqnOchlA0eyRTEiIBLIP3P2EM1+ibfQ3T2SJIr/TmMk
kIyTTWFrlg/gavXACronspAcxdh34IxigjoWzlx/pgwrd6hjWNfuOFdN5QiM69Ai
RoZ1uRWdOfP20nfx3RoQaqOW32imCzPbSb2DcAUAlvTimGucj0rrI4dd7r4GmsMd
EK1h2j3ljvoOve3pmhxW3nddEof9FNnuhIQobkazbClx4VVV8bvMDibVPTf+fk2O
ZNa4kscZ2XtvG2N17gAfEDvhzQehtHonhPGbWQiDYFmsT6Va5iQ=
=kGGE
-----END PGP SIGNATURE-----