A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:security@cyon.ch
Encryption: https://www.cyon.ch/security-pgp-key.txt
Preferred-Languages: de, en
Canonical: https://www.cyon.ch/.well-known/security.txt

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEFjiiiNTKgK//j+lIaZd5yknJy10FAl2xdZAACgkQaZd5yknJ
y10y6w//a/VkNwXG0NvVVODbLXEjNCux35NJH2BuG+OKrvgQTPYy9b6mBC4NyaMi
4xQCr246rYzGkFfwU1+xM9J75uHhJ4pcxqWbq7D6GiNWK5XUBFOrE6IoPuZOKR/O
buAbmGIdKT0YEX4GytP1T93I6zpKNfWV31/qnmfRYMywbCeyItVTj3nuICiQ/JjW
/Ptapk2W9Ey581etZGaJbSsds6Jt/33K7FI/g+oV3GTmj//oVMsLuZboKnDQ/19c
JnKAOsMUfch0J+Cig3+uxW2oMIqJanmAscErHa3PPcMTWgM1M6NOIYozNNO4H4Ir
hlBNTcgNKqfIhIWlS7GatEMEhe8nOVEnZNoC5JrqMcBla53pnQjUROWr18SpuscF
sXMR9c3QIWbQTP4/dpGxGda3IIF+lHDQttWw6dIACxOD/YCzI5rMgJ6+uVpm08Tm
rJeO8E2eXuiuHsmFJADaLjg8lzgevDH+JwniLbboBQerIEVf75vUHy+jcIv1H1OX
OnogKP2qBB2fA15fT52nkljI6DPHd8d9tw3Y//NYfS5cRaY+FqGtU/wgVnWRUk4N
z7lyRy0vBbXUoAUcFNOzod+wBU7KC1xFrNL9TlCAwGYGa1YI/QpxAGXwpy9Dld4W
rtZRknLKsPGFcwtfIz3s+NE2+2WY6Bs97wVTajkAH7Tgv8DNtoM=
=BhxR
-----END PGP SIGNATURE-----