A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:oto+security@stdin.cz
Contact: https://oto.stdin.cz/
Encryption: https://oto.stdin.cz/files/openpgp-2174365BAE15F308.txt
Preferred-Languages: en, cs

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEELik+BjtuH85FxSdzIXQ2W64V8wgFAlzNuJEACgkQIXQ2W64V
8wj/8gf/dtzuRAYaSo4cuRoBSNDTC+Nt7HRGlel2PrMMy9h88qbRseyJSFRwquzT
R08vFURElI9q3JyiATU5IdB2Mi61bo8WmSQPJ2LTIknS09tdIYgXo2ap2tZl8LIw
Z6x4UxygYhYbPUGLcst+2JraFF9dVOpUP131Ol8dBRQTcbxF5g7WZbGlXXQnREnv
EHRg8ZrEj6HG9PKT6uZuHiFWmOlM6XOIA+0rW10OTFKLU4bTyLLjH/JWVvtBJ2xv
s8GV8+ZoCYv90wUH5Zfrc5Ft3gVX+viDWLso8G3ET3IxMVHHKLQ4s67IAEPsiJqg
rQL5vH2pfTCwYsOzD4Mpi2Mwd0iOJg==
=x1Nb
-----END PGP SIGNATURE-----