A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Canonical URL
Canonical: https://www.celnisprava.cz/security.txt

# Contact information for reporting security-related issues
Contact: mailto:csirt@alef.com
Contact: https://www.alef.com/csirt

# PGP key of responsible security team
Encryption: https://www.alef.com/en/csirt/key.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJcty6XAAoJEGok7awIm9G6j8kP+wepcJJUi4cJTADQnnL48Wtq
hLTkGNKHJifwsKVi3135xD7SXUPu/nML1aEvvoCDszTiYmSpERUiA1L8DPso4tFD
rGJi1AVif1C0+fHo3n11rSmJyg47wqHnfOSvKc9bD0S6kE3jLEronC1BA88QTlOz
GqJ9/75v3gQNfQE7+ox7D/6FuCAJqlFR0Pxl4opHsrC5x6GcfWZJXE3UYphlZ82V
gjEYN167wlO4+nbMBnKUvPlDveBJmc/hX+hxiiYNoqpJGCpNASY8nljPnozpQ1CX
PwzvOAq/3iMCC779fIpWi6sGor6Kkn8ZvZAEP1xHyh/2JLhEw/1Ij9ku2qz4dyCL
5lhfWxepPwsGFKM6JFbMOcE7+5CAo4frWtkloelUIl9rOrrBesEdVvLmuDm6h0Ab
0Sv6T1hf3/WCkHkosD0HXHMddfiSvJf5UP4cu8es5Ds7CDXrKNJ1aVgMy97jRHfE
Hx6sEBtZqvHTjmt2dZcKpF/tfjzJcgFi2SKr90MdSjg4FKCUqIIvm7FnMdToKoW1
xVCmhw3EhhqAbPtuomdH8rI8QN37U3DBqA7xdRU/8xs1psC6iwgB6fD+rocu7mt0
Pxz6moMqbsT47HYHcw7uJfRwHXPaC8kiNfbEMgp8jGdspPyeEei86TqZcGYAeJWz
NCYJVMtviLwafJokmaGb
=8XJB
-----END PGP SIGNATURE-----