A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Contact: security@solutionreach.com
Encryption: https://security.solutionreach.com/.well-known/security.txt
Preferred-Languages: en
Canonical: https://www.solutionreach.com/contact-security
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwOxTKbbEUurO3igZRF5hjrBVk3sFAlymQlUACgkQRF5hjrBV
k3tuzA/8CLb5QUb8jAeYhEyL+jsGBgblgteskkRbGm0drbCxvGZZMsBo6Znox7Xg
8M378HD9Bn9+xvLXsRhWC/O8wrDy6ACVbJaFelop9tds+l4kyRy8PhqDS6++Js0K
KAjbEUmRpwTdYmgHVdwqE2ms1q/nuwa1yelhx/IIMy9Ls3MJpBtj3WmwMdhp7xy9
IKKL1Ye6Z80Se+BCq7ritQtK/D+hj1ngzlDSh3hhICiBzggw8vdLaxAO1tngMrzy
9vcQfcLJOY7nQP1PSnGWmloghjW2MellbKzUoW1dYeXl2/sPqhUcuXHibkJkluEz
TwRgyjySum7U36dt5i0VxcVvTljvflGng6nwY2xovUbFOaWxrJB8BuxEJ2yoK/Yp
/OVSeSbBBZeu5lscKtgptJo22cccbe/PuvXDKiBTjVnWkEdVsFyKHyjcUWeR53YL
hp/631e6tQAltC4CbaWeGqhaG7XYY6Gg3jIPjlbNYbKnpTgsbsd6FR0YTaKTXeZ4
3Wzj1YtHmxxDKSjZf6sDN29zzxunO3W6sgK/lifidDQLgqeWx6s14I75I2kWGqmf
gE0fLw7Vylw8yLBp3NWdIR3FYgPvOiNHdNtHytz05x0cHU0+IQSvocO5GVkf56qi
q1zJIHGmNi0oCxsFqEUFc1M5cK2KJWaxre6gWyho9LVt0qzcMl8=
=erN7
-----END PGP SIGNATURE-----