A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: security@wasc.io
Encryption: https://keybase.io/wasc/pgp_keys.asc
Preferred-Languages: en,de
-----BEGIN PGP SIGNATURE-----

iQJFBAEBCAAvFiEEe4n9NNAjuAmqWEnvBqJ1qZNWLU4FAl6YvtcRHHNlY3VyaXR5
QHdhc2MuaW8ACgkQBqJ1qZNWLU76lxAAiuWhE7XEYuQPHflsycW+cE1jMlwAfTcd
0py5YlPEirYFJ3qTIxuz5KMiMTm7xzvKdeyB/755AwltFJjlWDmb8v8c4xOXKOWk
91gDGBCMvv0z2AW+qg4/raQzYUdaajEpSLARbG7fsiRmVyFPDdeh+53yAJXj+bt3
SV3DxJ1l+1S1zDfkqcrxwEf+uncCjHHr/eFtpPK1PMxTHprR/twkSX6XwzAUOrr/
wRrixMIpNnmgu72Jc4vVtj9UPcVfry7xL4SN0JrZz5usK2e8G6CjQLU8gpkDn4CC
wfWjsmE/oU9E/GdFGxqjQF1BKWbQ+8wPGMYK39NbsA2/SmcpffUcNA0OU5wJovhn
RUBG854nvAlQyzP40WAysa/4zD0e1goeji/eFCuQ5c3P9Sjj/awAKprSGqMZKiyN
NJnxU7/C7Kl2QitbkHjzJDKy3swO2n841I8rIUoKE0l/8JZZjGHjqCiO8zO7fehr
5yLdV0K/w4iOgJ6L7gNs+ZCwGRW/qj8lZIsIthwwgCuuDYeuUaFBWf/HOJGH0a7C
8WlRq8qq/8NIi6CE6cjNSsbEroKgLAtR0OZSIryqXE2Y/FmaWxmhf9YACajpZIKW
m6A7g/w/OkPITq5uxMPb+ySoAueWZ6h0osvNLArbxQkMTPK+I9IMXc5wGXfdhCX0
ieGWwmdkHdg=
=8KuS
-----END PGP SIGNATURE-----