A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Cultivate is running a bug bounty over at HackerOne.
# By sending a report to the email address below you will be
# directed to our page where you can submit a bug report.
Contact: mailto:security@cultivateai.com
Contact: https://trycultivate.com/bug-bounty
Encryption: https://keybase.io/cultivateai/pgp_keys.asc
Preferred-Languages: en
Canonical: https://trycultivate.com/.well_known/security.txt
Hiring: https://trycultivate.com/careers
-----BEGIN PGP SIGNATURE-----

wsFcBAEBCAAQBQJeO0urCRA7+EtCRbLcVQAAMvgQAIvRlH0qCUKjFwhITithYGvk
8mCYkM6NEfBsX/INgDQkD6McbOU5OEUyLpk0cM4gGmz9zIM+PWh1PXpSnJi6weiW
ybjXRurKUgp8WhpVUQBzsoIuajmt7dze1WqGafeBZVX9v90MA28hosXPYY6SABqR
TY84Zq2QmmV5V3iJLWq2QL8zg/J7SpnmLHaX1kGtjzBbH6Yy27qC3guoPPcrMENg
ihvSpceEMxVKnBlBPX54zxhN0rQ23DgHjmtx0hF+hgIzEwI+7qosB1Wa8uT1UDr2
zkJ7VtIWNjRCRe1pa9DLMWhz7ajmjTK/mJXeFXztVaYl/SmYiPCxa8lpCz9NQ2CT
yA1csxMT17eA7c4/lSmqGO2SVVrc/jU+ZizY1FyNRmsZW5Pi7/m7rwgeaTtTHB81
sprf5T9un2QEPaeiwblPWKj+mqzbpF/6IWdNL9EsBk/onESWDbUSSMUg8cfkrPTD
BiebGQp6ukrT6OaOeDDGyAs9ygOpuey5jmcbKfrPdKTPpoLGpxGVXdkg71lDMcTW
cNVYy34v9VQAkIU5JOw+mkBrYQXmpqQnNtzMIXRhI3DZko2v3m+dFPmDaH3A8l4s
8QDm0qvGIsGg71ZXPOgKj+rACEG5evA69b8m1wzO5cuPToYfiX3iCK0y/8KieROY
P+dXD4NoFdzbAGIqIfnG
=cIhM
-----END PGP SIGNATURE------