A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:sikkerhet@digipost.no
Encryption: https://www.digipost.no/dokumenter/sikkerhet/digipost.pub.asc
Canonical: https://www.digipost.no/.well-known/security.txt
Expires: 2024-01-01T00:00:00Z
Preferred-Languages: no, en
-----BEGIN PGP SIGNATURE-----

iQJKBAEBCAA0FiEEf9yMQxcM8r3NJ6TR2NyAS8w5qdcFAmOcklUWHHNpa2tlcmhl
dEBkaWdpcG9zdC5ubwAKCRDY3IBLzDmp19WpD/9Ls0fPNFdbh8Nv+lFgZgoMuEzr
c1dVZLgaEmn2PoFKlz8Tl5jlq2hzLzEAe7SJ+J/NPqUVhyn/gaZacuFNUKSaimaQ
EubWWW3SNaNDESGuR4/5o7xOLc0fsaWO6S4h6n1PBclLZIzdXTJRAdtBWsXvzEl/
1VRiIyrpfllRobWzBM5Zy8ziPm6ldJhGbIM8l/oIbQPuvgSbQaIvg68cOcaVw4Dk
6bqMVNEOnFqKfbIdJVGSZtTwdkCsnZgVm/MY1EvHCyXZ1Ljwq5bRt+x3tpvQagm4
v2a6Cq/N++jqAFAPjaEPxigZ2HG4OUUL+U1AH065lZCOGwF4y71uEBFY1R1X/qOb
DOQGm0f8s73g15YZGI4/RKu2K1J0Lpc+r7htGbauQNr5mGQaVcheJFZhw1XD0kdB
y0QgyEkklTNmgbDvEeugRyBv/vhucwG4WA3ATikI5SyPqip4RD3Wy3y+UWhGkiW2
Rw/KPAMSePEcDL887igmAxnRBCJPPjO6CAdIReB+rT0uR16YpocfPYBFvShASbPA
s/zxnQcN8+aEcd+deOXYAXtBRwxPKNwFBLm7unEud7cR1CKuuqy/4HnV8ReQYTKP
c6EGYCBD3POst66tlVEbTEDEeVI30F2rJYxbL/ME0GxkrGzlWxk7V0M6N1+lPDlA
cX6pAkvczBcBjDRsRA==
=3M+r
-----END PGP SIGNATURE-----