A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# Information related to reporting security vulnerabilities of this site.

# How to communicate about security issues.
Contact: security@postcodelottery.co.uk

# Expires

# Encryption

# Acknowledgements

# Preferred languages for communication.
Preferred-Languages: en

# The most common URL for accessing this security.txt file.
Canonical: https://www.postcodelottery.co.uk/.well-known/security.txt

# What security researchers should do when searching for or reporting security issues.
Policy: https://www.postcodelottery.co.uk/policies/responsible-disclosure

# Hiring

# Please see https://securitytxt.org/ for details of the specification of this file.