A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: petr@stastny.eu
Encryption: https://stastny.eu/stastny.asc
Canonical: https://stastny.eu/.well-known/security.txt
Preferred-Languages: cs, en
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJdkd1dAAoJEIn+qiAX8IElz/oQAIkFHMxOMNEkFFIcYLQ4w1GM
2+DGYiPpURQYToEqBa1Coq5IrDnDFm0lJv/2SJ+N3Dr5ZAWY2sYyziK1fHg5JPL7
66aUN1fwAg1E7NEVur4Wruqm2NeVXDB6Xa3McPuN+bew1Pcf28y7gIaRLzPPtY/k
eBfFPQUMsQDOewaVWfZRfHEcjkBUGBOIpDLJY/g0yziSyRhAaB8pfnYhY0Lq7vKX
fpNvTqknU2peRTkdwwjI7Btqux76lj0tL+EI1yvANAPyAkINI0xj0JEAaci3p8cr
zC3MVDbPSzsPD+GB1I8BIsaoT5DuHCiWWmO/ETrOo42YGVN7d9ReLBsoFmIRRqjz
/wZVEEw2mSeXsR+99NC8JeQbwo0hTTuFKAYDkZxKDXTrkN8vJevdBU51/DlHVy7C
sUMS9RWXD/3k4JTHnBM75S2mfvA+tIKCnJ5iGjoJF2y2DUhaSKEW95pbbqDAZG7v
03eHplr8QF38jVG8dGl2QqLoUFRq6sLQNr2eNAzRPo4006wgnkQ/kKW3MmSGEHjq
mLLwRyIYfhurY7imvQr2bSOFGzRPjSbnmdwaf7Kng3Du8DrWyjXu9oMe9KcYWnkn
mIGrtv+41d8w7384pcmFXwfYc9vDJqbuGQaGC22Rlg/3bDyAPM6waoTNyjkCrfin
2xWLuGIWRDP1ghxvSSFB
=LbEJ
-----END PGP SIGNATURE-----