A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must therefore be easy to find through a simple mechanism: a security.txt notice.
# GPF Security Reporting. We appreciate all feedback from our readers,
# especially if it helps keep your fellow readers stay safe. At this time, we
# do not have an acknowledgments page, but that doesn't mean we don't value your
# input. (We may add one in the future, of course.) We also do not have a set
# policy page yet, but we appreciate your discretion to responsibly disclose
# security issues privately and allow us a reasonable amount of time to address
# these issues.
#
# Since this gets asked repeatedly of late: We do *NOT* have a "bug bounty
# program" and we are unlikely to have one anytime in the near future. GPF is
# a very small-time operation that barely pays for itself, and certainly does
# not pay enough to pay anyone a salary, let alone fund a bounty program. If
# you are simply fishing for money, please look elsewhere. If you would like to
# help a friend out of the goodness of your heart, or just want to make the Web
# a safer place, we'll happily listen to any suggestions you have.
Conanical: https://www.gpf-comics.com/.well-known/security.txt
Contact: mailto:jeff@gpf-comics.com
Contact: https://www.gpf-comics.com/contact.php
Encryption: https://www.gpf-comics.com/gnupg.php#jeff
Preferred-Languages: en
This policy, crawled by Onyphe on 2021-01-03, is sorted as securitytxt.
FireBounty © 2015-2024