A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# GPF Security Reporting.  We appreciate all feedback from our readers,
# especially if it helps keep your fellow readers stay safe.
#
# At this time, GPF does not have a "bug bounty program", nor do we have a "hall
# of fame" or any sort of acknowledgement page.  This is unlikely to change any
# time in the near future.  GPF is literally a "one man and a website" operation
# that doesn't even pay me a salary, let alone pay for anyone else's.  If you
# write us solely to fish for bug bounties, your request will likely be ignored.
#
# If out of the abundance of generocity in your heart for your fellow man you
# would like to report a bug or security vulnerability that you've found on this
# site, we will graciously accept such information and do our best to remediate
# it.  But don't expect anything in return other than our heartfelt thanks.  To
# avoid having your report summarily deleted and your e-mail address blocked
# from all future correspondence, please include the following passphrase in
# your report to acknowledge that you, as a human, have read and understood the
# above paragraphs:  "I would like a peanut butter and parsnip sandwich,
# please."
#
Canonical: https://www.gpf-comics.com/.well-known/security.txt
Contact: mailto:jeff@gpf-comics.com
Contact: https://www.gpf-comics.com/contact.php
Encryption: https://www.gpf-comics.com/gnupg.php#jeff
Preferred-Languages: en
Expires: 2025-01-01T04:00:00.000Z