A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:security@xpd.se
Preferred-Languages: en,sv
Encryption: https://pgp.circl.lu/pks/lookup?op=get&search=0x7E3B60FA00ED4F64
Encryption: https://pgp.circl.lu/pks/lookup?op=get&search=0xF786C2A13682938B
Policy: https://xpd.se/advisories/xpd-disclosure-policy-01.txt
Canonical: https://xpd.se/.well-known/security.txt
Expires: 2025-06-13T07:00:00.000Z
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEK2zTgGc/i8BgtMwgfjtg+gDtT2QFAmZqop8ACgkQfjtg+gDt
T2T48w//QUkJ8AsmUVM1HW+cG+TfQ40ONtMQFWKP/PO313Au3N0ltM+sc97wPsSR
MNkJV50AsrMWxsb4JLmqN9L5UXy/eXuWmh6pEB7KoiuL44QPF5AlUOuslTWythwl
wDDbKjr2iyH30sNE+Nz2io7GglMISwVoKPC1McxjO2ogvGXwcJTP17S79bdhS5hO
OiDVniUP0SwqNC8RUo1b1LypwEamursKsdoowUVWjalqn0Bwn0LR9x+cORjNYcox
xQO5Juk5qo7CgF3ZK/3Ar2JVw+6lqguOHDFh6ND+aozc5nw/qMdn0Z1+zY4cPA/Q
cWsl9oYhs3XdAxI7lvwBBjHeFITMhhjj4q77lHO74c80dPySI552AORHdRtljzFe
pKVcnaBOtdBeoKvD3IEtiz/4hNB+pIRjhCq1Rp1tjIq0WEKF5G+8hxMGtTtJjdhJ
uEv2ujHSbAQe1UJnXoHQIkAtxRThd7OGsuXa5qvVpMFQFuiBm0Q26/QqumxJIzkE
nxPZULItlk5AfE+j6MGR80gmQA9cczD2jJZ5oghFwE1Xtz3s2zDG5x5eAfC7hzxc
aiKYnJk2lTc1RAwsirf49x//ICocw992+oTp9GnCOjAsoqE7VHdPuIZEkszyS5ZY
PcsuySCwPTeQKkCWac1fJz323AJcwPgc7aR6F4b6czbDLFFcxu4=
=y2yb
-----END PGP SIGNATURE-----