A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: a3Jpc3RpYW5AaWRsZS5zZQo= (base64)
Encryption: https://idle.se/kristian.asc
Preferred-Languages: sv, en
Canonical: https://idle.se/.well-known/security.txt

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE8/FZAkrx2RFTfNUqRthOetiiPRAFAl1yDV0ACgkQRthOetii
PRCJWw/+L8br+fpQPwYvF/nUL/yhogQRDkMtWNpL0sFiPJttfI/BHRoNqIYd1WV9
N/BGKuJAkcFGbQGEyhCInknnAouyI7UT4T7TNQ9UM3rsrxLttj3oC7x6tsCaWNVk
T1k952fVKHM2BOLhpu198G7L93ANCy6gjC1el6WgsaNkfzAYG+YraAXOI1mETCOm
vtZ3YSb/q057Qd9nim8KRS14pAsoYwXZbSL5CGgTpQQWSPP0z8iJeiK+sVntpM4V
WK6lfE4CYKuTQtm2otdBZrskvvoZV1qs5mU5liP9Pq43gPDtyuyEMSI1D/tumKov
rh9mJkHabs8ZGaSANhflupb3JjumCvilszWRDkd0VnVuc5TPbZeW0YvMB7sxb/4a
Kz+GYM3BRjHOCYaEzlc4yxwzhQSi9xVTaEpz13smqCHfcarCX2R7m49KJtdGb8Rm
EiQLbUiT1WdTzPPAKX/vdO5fZdLyUaL+ADK1GR13wjPceNjfWCRNuB488niPOxz1
zJ3QNuK3jK1Fc3iKj6P91SNqqEYm4E4OScqN+D3SIW0vRF3jX223KOcoKbW81DS0
agKKk2AYA2EY7n218ObK2pUhvt3UhJxpXdt2Hdoh2jAXyMwU7euhoNCRpkspPh8f
pxOS5aCOMW5jm2vxuiQDeycr8tQdJCXGYYskcLqdVqvbRRkLc6Q=
=t12L
-----END PGP SIGNATURE-----