A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

Contact: https://support.gog.com/hc/en-us/requests/new?form=other&product=gog
Encryption: https://gog.com/.well-known/pgp-key.txt
Preferred-Languages: en
Canonical: https://gog.com/.well-known/security.txt

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEvgl2EwqTmoGyFDUu3jCbSG8UrhQFAl+FlgwACgkQ3jCbSG8U
rhQ4fBAAqh0jhQgT2EbFwfZwpG55qyJSsyJyHxxqN/kataTJ6RR/Xwex1Ub0pHvJ
ao2q98bwQXw6KxZqaCy1OSFdrGR1vxoa3wn3V5ATP6l1tgTERCqn82J++8hinAgn
GudPeUOLrrmK+094rZgrYQ9d7yCxHFhMueHRy/1Sy4QwbopZqcN565p/uDYjwO1J
5glsoG1eJ6WICaVFGp/ZQ5dZWtpzhkMhiP4R34LJg/OffU/D6Yu8WvaEZhWNvT36
Uf1TwLSTH+Uj55veU0JAkbYpYgwmtfsbk5hyKNR65K8+H2EfzRZSDHzn/UY5PwKt
2KuhV7uiG+1ZKUfWEM/wRnFsu7E+7qRTkpu8Azk298gxeT2juBF6NYbeiXq3iO11
dt4+JJZ+YzmmOUk5K65rnZq76Shch6wr+hK4tHSnl5wl3mkCNSQr+p4foNhIrcEl
EbLUp5FLZ67O3LmsjGlr+ONCEtlTS/gF9475FiCCh8OEWbBzKDnCbq75Rr8R89Ob
gXsc+l7Q7xdHTrTABYDFLOdXD05qzfY9BXxytvArr532JU7Kh4tWYjiceDexCTom
FCqa8Dx12qr5x6qwe4KUVxZJZQtfBl33zN8UVwt3t7m3ofGH+cC7dcVt9DKXrpTh
otPiiLQp3wm9t1Qa52VMM4aQut6OArNW6dtgDDlilF1HtDFLNR4=
=kzaw
-----END PGP SIGNATURE-----