A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:security@flywire.com

Expires: 2026-03-14T22:00:00.000Z

Encryption: https://www.flywire.com/.well-known/pgp-key.txt

Preferred-Languages: en

Canonical: https://www.flywire.com/.well-known/security.txt

Hiring: https://www.flywire.com/company/careers

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEQIkqsl6Irefr63TRLRrZ8Mb5Bv8FAmX0O54ACgkQLRrZ8Mb5
Bv8Shg/9F5A6rtLMLxT4PjQ/097B6uzRNpDt1Ken490IvYueCuos8PcvySt1oPzm
nO7YRBWoU4ktcLqantJSt2NDzCRXH++LmpwElvDn/PqwC4wEQgWt6GUIdZ8geGfr
Fl13OmFZ1JeMvj0Y1FzEC9eb53TXjL8QpyDDMjMSKff/0wyR06Ncu/2cTRJZdu/X
iiOX/W3euH0SIOKNxgyQcJhOG6tMEknQ92XS+whmwduARnJAkXswQUqapJpOO+aI
lnwdyMvOlM/o5b7wNWB5a7cJgRy5Lq8jdJ253sCpdt5NyI+X9cLaFJ3FCzKOPz1i
BptSbbU2sHhHfA2t9WuMuOI6PAjq1ptF8XWwDoj730oaizzlvEESaETEHwueNsPs
7rr/sEDa30TQ+BOYq5sKT8oNJ7tTPPjAL0XBMa3YJwtMBNslzI4s30sa3zvVo/XL
yDtVP6/OIeNTClHOtoPtQkMLC/pFdWcFd5pK0SpscBmTplSByFfBRfOy3/0DZQy4
1PlMI69Tl0EE1koSn9N1jfKZBzCJ3Vf2rRC/wyg1f0wE6Jd9pdFAR2r9IJUXEbLt
xGlZzF8OuF/MyOfD+iz6cTiWcf3vDfzOH1ieMsDFrCb0I1HasRgR6eo3tSd1jTQc
Bw8BM2yHkZcpy0bkQ903zn9w/Krkdr3aPcbQEz5IgVSzB0upyHA=
=xfzG
-----END PGP SIGNATURE-----