A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:security@sitemorse.com
Encryption: https://sitemorse.com/security-key.txt
Preferred-Languages: en
Canonical: https://sitemorse.com/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQJLBAEBCgA1FiEErU7DqxlM2cnXh9yqjkf2DKWJSiMFAl1VP1kXHHNlY3VyaXR5
QHNpdGVtb3JzZS5jb20ACgkQjkf2DKWJSiOIEA/+LbLope26MQ9yl0PI3JxwbqYU
CAZLCIh8CoXuK+7oNQFrLikMcY6jyGhf2KWa8zhRVbrvae+oEDECeCxDBlUzbdvj
y4a5GXBHBhDvTyUmJSsvQqI9xMI+q3Bke2DMeXzpqbEqkHtxTCM0zBvRmsh6HhOA
8/nctf/HxW94EPjG/hODXbdqUWj2Oqj2ndjKzOMZCqJTYtGHOtcwvcKJjakeeU/Q
v8IPfiRZ2PkcvD/Zup4OpHP+Rh1PzXNEy0wIvhzlc4z4MtPfY7dMx7tJ9K1jxqi9
FCV9LL3QWG/WTbimZeyvzcWyfnhcQ+UyfqNs+xnEgAtArOYgsL7I1LPwCPwps7Bv
gpXSyLOhN2ntTkqF5V+3xbmCX4AHrSlf64Ushxt3wzz62T/RLDPPG5BYWR08yIWh
lUb82xrOGxtYZ3Ut9JwjooZ8g/yy3PQs3iN4SB8uu9N/2taJh6mdekQ/QpWEs2ZE
wAHHbOfpE1c1AHGJSSirZfk5FnguzhjcmCvVX2+gR3INfwpcwTBxtyWJLxG7Os3S
spHWlXb/Y9UraoSF2Vb7jiSYRS14gnpxX98inoHJPfIPB8T8PkegOaQM/G1Go3aP
DWv2Y2pC+ZNnUkYTvQMRm8chIb2xAV827vXt3tMFIez29SzzwDQtZzlC3wsfk27R
sCxf3M4SfJUmG8sgW7Q=
=kT09
-----END PGP SIGNATURE-----