A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: whitehats@reddit.com
Expires: Wed, 13 Oct 2021 12:00 -0500
Acknowledgments: https://www.reddit.com/trophies
Preferred-Languages: en
Canonical: https://www.reddit.com/.well-known/security.txt
Policy: https://hackerone.com/reddit?type=team
Hiring: https://boards.greenhouse.io/reddit
-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEE1cD4xEQeM0fIV4BUct81iRYiOc8FAmB1pV8UHHNlY3VyaXR5
QHJlZGRpdC5jb20ACgkQct81iRYiOc+VFhAAjvE8UHD50pq//orArxNoj1Jq4j4z
zRXL7mCC+7UaGIdaPy6xP53//SQ+09eIL1LwhyAsHNqWcVFt5rld6DIZRl7Xw/s7
+R3lS6+ILRCj6fAa2+W0aIODSlA40NF+ZJiw0PQUDaupJGmtNjMSqBTz/nAbQ1x9
vfwAM1X5h7d89/QqoHiVMqkqk96NMA+Y6kqTTv4ahc92DsKpNoWnTdX0/mBHrVbl
l6vgZEXgozcbrcaKosFdUTUGrPvefSbExMXwkZbw+XpLZLN0FhRAulsb69PDoZEA
LsAwvyhC+p23JWQE3tWkcuXmwhkQamu/t3jqFFtIYzCb/mvqDLSZzsUPEY4d3Clk
C1u9TuqTRIB7hKCXUmeF0OYj+UqRPGnDN2wvHlDypJeCq2CPRDa1w8fYbG8pu8Ba
XgQj4G6S6xmPtrLDegZas1gvJHkNqF/M1YiR14PDPHnmoxKeWve3ALVYJ3gZQ0NP
/sUrJQRKF2WCzESfmw8flLgfyan49CI7n2qbXV4v/0HIeYEvOPlX9STwDbZynNcy
Batp7KU/6JAkxfT2rdaV0e7V2foqAI95tWoX6wMc6Pngw3e/ltwJZy9T2+iOzQDH
4aIXgYHY10gM+PfF3ZeL7w/pfIebNMJWj9OJdrCiRwPq3lfsNyd8FXgvPaN4zahv
RTwPbuNLC/i+vps=
=IrMf
-----END PGP SIGNATURE-----