A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

Contact: mailto:cyber.security@arco.co.uk
Encryption: http://keys.gnupg.net/pks/lookup?op=get&search=0xF1ABC41F6BB53185
Acknowledgments: # NOTE: There is no bug bounty (financial reward) available for reports
Acknowledgments: # Credit to Vaibhav Survase, for the most recent items submitted
Preferred-Languages: en
Canonical: https://arco.co.uk/.well-know/security.txt
Policy: # Any tests which have the potential to cause downtime/denial of service are prohibited
Policy: # Traffic is monitored and will be reported to the relevant authorities should this happen
Hiring: http://arcocareers.co.uk/