A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: https://www.finnie.org/vuln
Encryption: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x42E2C8DE8C173AB102F52C6E7E60A3A686AE8D98
Preferred-Languages: en
Canonical: https://www.finnie.org/.well-known/security.txt
Policy: https://www.finnie.org/vuln
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEQuLI3owXOrEC9SxufmCjpoaujZgFAlzfcCAACgkQfmCjpoau
jZh6qg//UgIGKpltCPzuKvqjTW0q/SiMJdF//rhYALZzOVCOI/ZBceLmM2/EciTp
mVRnMd95Jrr0T9K+QH0jPvty/tfXS/wvtlpZw+33UdLe0oT1Xl7ex7PJ4ZWDdFsV
cmV+OARF0UsTPUbQ0McWrzru6Mg+fb8xz+2LFsQy4uvUI8WNSttCidvWHCTxoBzU
whkFGm+JZpls6/CkoYmSpVk6o+bWmmkZjIrv5/4w7d68oHthVGEcrh1zi3HUU4bV
ssReugzBs+gWJMmBv61+Ike0jmbTbw1WMzbgftLEWAjErmbwoagteALvXLWzoDwu
whIPo7g9GdIlxOqbuL+qLoBsyKE66UZYw4sfmDMncIQEPaL8n/L3lQ0G6LmnBWL1
bV9mVn5YLQHA+WZ8uIksahk+wwNMvf6chhhvVpB0/04Jym7P56v5ZCybql4+IuOB
Jr3wUPUrt+qbCUvKTAeBb9gAy6LKhWe6+r61aNTeGrdm84XXY2AjJJlgD9W82O35
S+F5W7ESnrr/WVFzZhIO8njTQh+GKdaSjB+IUK2Au/raq/dEhvJ+NN5Oku4OXpWE
PWrGtbkM+nY2Rv3A9ITTQDwTMQ+r35b6oKIZN57PTu2st770qvNM0qoQAGax7guA
VMkW+SRDOt6yyN8GRCBQR39MJEMM85gS1kAiijj9+qhACjWa41A=
=IciV
-----END PGP SIGNATURE-----