A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:security@xpd.se
Preferred-Languages: en,sv
Encryption: https://pgp.circl.lu/pks/lookup?op=get&search=0x7E3B60FA00ED4F64
Encryption: https://pgp.circl.lu/pks/lookup?op=get&search=0xF786C2A13682938B
Policy: https://xpd.se/advisories/xpd-disclosure-policy-01.txt
Canonical: https://xpd.se/.well-known/security.txt
Expires: 2026-04-14T17:00:00.000Z
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEK2zTgGc/i8BgtMwgfjtg+gDtT2QFAmf9RjsACgkQfjtg+gDt
T2RqtxAAm4Z3FijPUjgUqetBeXTw03HoNyF4oSN32k4gJOKZmofY8BSqZzPVaHJv
wXLIW5ywgG0WnyOzpLj2GRyeXSodJr56fMDkl7KQ4BMulHft2cI5quoqBQNhfOnB
i0JuDcxayG0WXEhi/DRF1TcrAuHSQf81XAdSqOerwxLvjEr1QGzxrVo2b8hibMXt
fNPpNi1C29zUaMjbP/cvyjxesJK9PcqcrmYfV/AEVqjyUsLYmyizqebxrbqbII5x
sKB8/H5f87P90a0bETzeINiXf9v3w+B3REKMFlTADRld0pdYAd/NaHE9tYfY/riu
nr5X9H847Dn7RROCiMfnISvag3+FahfERAhBdMfiY+eLpJ61iuDIlU2dqnI65s3v
1YfFeF1D4TKijpGehhnyo18Zmp+JmvtXXo4TBqvj/gsbfQAKXDQk473+FyG2xccx
IkwLuIAEheRVuQvtpqjcnmBtbtJgVik6TQ+oj6DamtrLHldRntykgHyDXMKUuLCP
v58yM5X1Mps9TPdlCenDUt1y/XGy30C3vd3jy+KXCnsIe49dDp2bW65CSFRSDftx
NP/xeVJwkFcNeCCz2H0sLGS87e/jADeg3be99aoIe/bErWUnAScBLqjnUF4nPmww
b6201VbqZORkfxbTP/HmJv09Q1M9+n9JrtX0TKBtnBlnh3QDY3o=
=RRwv
-----END PGP SIGNATURE-----