A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:security@x-labsystems.co.uk
Encryption: https://x-labsystems.co.uk/security-pgp.txt
Canonical: https://x-labsystems.co.uk/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE+B9oR9ordW9z5WLHM9bEQCoMRSwFAl9o/w4ACgkQM9bEQCoM
RSyQeRAAld72iogPMxSv+DJZe91Dw7PPEdeq3v1CeJLfWbzm9VaDvaS+aTUPIgPN
meRuVjpUI7cnApseIsM/eNo5anmbcRQ0vkRjbeByoM8rjJHjKSh0+jvUOb5QIR62
MzIkBbJddpcE2Za+dYk5xuoGKgnYJzWerMzSRlRRbvANPOjU1+evrBl+nSx91Ys2
SUsbaUVKE8AmcScf5nJ+Ky91EGxSPCDCaG1d/Ar9exOBVZ0Kqf3XP9EebTeq5cPf
/++xmNxTynUK7r1Dt14D2848pdzjv6SbiTuu/NMXZXc/dYBbC6Lp09nRJjD4wHx4
o3pB9HEiL5luRlWuqJACW9ataErMiXr7jlXY3HDpT3eit7iaqqTbtbcx3wqRTkWT
HjearOqCpquuMskUlcs5dZSypZl+B5pOJflbsCNgYiCsuWeaL7av3SKrKDH3ZvsE
wShETyYZvil3W7L004cDzivOAIlaNOgRjkMCu+yKtyy5SDsPPz2HHW1sPNuoS799
vwyyQTQv6cYSu3q1uBYF1cXnziQ9zFnUKlGpqwlmQNSImsDTjd+dkFpPKKF/tFM9
NeaxsH1Wg86JIpXReTyw+en/D5gikO/3hsf2j+ZKlqzOOVGy1d8smVOkC86bZjWX
yGv24dqlrDVHn9q4OzbGP3JTlVBa9msQrqL9y6R8Q8I0w9QDuUc=
=MMU/
-----END PGP SIGNATURE-----