A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:security@osa.cz
Encryption: https://security.osa.cz/pgp_pub.asc
Canonical: https://security.osa.cz/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEmqQZoVjJbL5iV0xcq8xTnvzRJaQFAl+yYGEACgkQq8xTnvzR
JaS73w//dJJkGKYyVlkueQkP1XlqnTz/ss+k6EIGgJ7pbyb//hM1o1Y02e5u9tPK
ra/uoIW0TzLBLUpG5JahFA5eVBz780nSmcxGtI1iVPxctr2SowIp7kfFuQSl24DT
y3/6fQVLLuCHGcyXvoNrGhgTdowbUaM6KXOnH9n3gwfEm7184IK/atatwCUK+Ouc
tUYLDJ/wGLCUQuAcPKagTwGJRnjrAvrgmGHb24F3Ku1nWh4v5/z6i8oyqZ5srhVY
5fYK7sdIzaT/n7UksiGZxdHt3DxxF6e3akeOcsuz3+E4F9TYDyMG2KWgBxjDgtR+
rliZA/6mBdDgClcjKaXKBZT96NFMY1Qpyr8JjWisnLu812dsr5R6rPOBgs9JdALZ
9d/2nFuqqyeiZPwhm+sweJsdOEOA7INyyi2PlkUsvR15czRB/aGMy8PpXKztzkU9
q+i9BeUERszRDMiffqvGGkj6gx6QU85n0TG4LlGNYPM8TX67SQ3O1Z3stHRkCkn8
Z5eY1Iey/hfbwrWiiqrQtdLsiFl7rRd2aiEgxuWBy6Z2DkUUh44UTagJz5nlGnjr
Vsu4G6ohebPZTgzlx7M4BXqoohhFsh2Paul9P+LsfLVym5CFH5Si0AP6RtYiwAFa
ZiiD/7HAS4CDfp9wIFCh5VE2z30MqtScSbBTSsDIOO/EQ1okXuM=
=6eSV
-----END PGP SIGNATURE-----