A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:lee@bigdinosaur.org
Expires: 2025-12-31T23:59:00.000Z
Encryption: https://keys.openpgp.org/vks/v1/by-email/lee@bigdinosaur.org 
Preferred-Languages: en
Canonical: https://www.bigdinosaur.org/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIzBAEBCgAdFiEEfP5VXAutYO5uhfjifwwE4yrhqikFAmc8shcACgkQfwwE4yrh
qikg+Q//fVw58bG48x+qXTWN5jMjkjr+s3jCIz2Cfgp1EJnRrPJgeVDB4aaikp7S
+bVvutj6lYoopXOe0BjCzoawzZoeC9LVn4GkuEQ1SlNK+0hMhyZPn+Ike8KzRNx8
ypgzQCcaEXTzWQ8/1HaPFh31bcKj8yM/drD+cUQ7AnAxSm5gGccDzl43uyYzYrjh
2MMuVvILUMSUp4DWcba3g8kqBnVIonhyEITyfvjz5zDCGwJQgl4mVeIpI2/0rr5Q
DtNb1JdmH/pXosm4VfT7v9EPjqz+N/Pb1O8NbGn1f76Dg8LssmtO6bXray8Ypr/P
Tyh/qQI2LxYXj7LNybLb8fu5g7QSa/JjlqXtO6SY38G9kN2BQDrXt/JYnKC4nSQ9
+CiOIanSoar0jwJ4t05WCW+DMDfCsmONtElWx1pUsGkdVrMKfsgrcfLcHkJpmzpr
83jvCSDpQXNMD1vrwkITBuuaqu7L7790yr2VblVVU8aYlBgKGBOXtPof4Gjiwqrd
sOM5BHNF1oVtL6ntMIOJGWIxXu+ztp4BeSjcZQriSnxtrDY41fxzF8ISgHm58eZ7
D+LiIoRmGU1+wsqhNuQzjrhOQ+I+FXLnH/wO8NdYWRSnCRG9ysPSAqejdin4f5GF
cBvrWJ4TCejhQAzomwbuepx9p2NNfBLGx6M/uooobbJu9+g9IrA=
=P2Ev
-----END PGP SIGNATURE-----