A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# Curve uses HackerOne for its bug bounty program
Contact: security@imaginecurve.com
Hiring: https://www.comeet.com/jobs/curve/E4.001/senior-security-engineer/7C.217
PGP-key:-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArmF1lz39c96ncE4gvsBY
luVuFa8Sx5Eo1LR/9u5iKKPVxgZsPB7Z1WTgoO+8/m/eFCG2YHdOTg3MengOGzj2
pMAXoiE6E00Ie0XqTIIF+rdI7RX3xJOoj30UuxTWdvnin+R64H5z3H0qVc1nTLdE
OcuLeNJ+J2y7KE9YgGBgLAtYYcFm2W7JVUyZXMOm4Q2DKgtLDuDiws5zNsEiB3cx
7VwPTLtAhW6Knl/2Dm3LpfZNjlOTdkBerVsBfotyTdgFQfOGlxOwjHIjug3haNQg
dLR4514gN+FUltJVGX/uALZNKWM6MidlQIIX0LWMW3GuKhVwWwXjV3cTeQxxFtS+
WIJWTNduVmEFyKmNw5WroyKlhUZea59JgkV/wNQ1K4Kw1hSUhgS8J+dVVizCkXvS
Gf5IiN0IgqPvzNf5O89JSZkudZTwPnpSCTaCQKarL1yYG2IuiJHekgpJlxceaCJx
rkxywZ3PPReWpclCQkaxFPc/LgnB9DN3kHrNEPdL3/g9JFbAOT21XW0An5xrnNox
Xh5yLR+ik3CJDhGj19C3qJhXs5cg+J7N54QpMbSeLAFx5MmINUETjD93hpkOp8Q5
kRUuX5sjBHWJAwpmqDjWrP27NQLRo+R9kZgr83mQtPoUmki+9UefzLevR8g3Xxbp
P9UdLcOGkJep+F1rrCdyN/ECAwEAAQ==
-----END PUBLIC KEY-----