A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an origanisation will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifable via a simple way, a security.txt notice.

Contact: <a href='mailto:security@citywire.co.uk'>security@citywire.co.uk</a>
Encryption: <a href='https://citywire.co.uk/.well-known/pgp-key.txt'>https://citywire.co.uk/.well-known/pgp-key.txt</a>
Acknowledgements: 
Policy: <a href='http://citywire.co.uk/legal/privacy.aspx'>http://citywire.co.uk/legal/privacy.aspx</a>
signature: