A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: security@freethought.uk
Encryption: https://www.freethought.uk/keys/Freethought_Internet_1FC1925D.asc
Preferred-Languages: en
Canonical: https://www.freethought.uk/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQJYBAEBCABCFiEEKtpM9QJIrZOVmJ5bRPM50B/Bkl0FAl2AoTYkHHNlY3VyaXR5
QGZyZWV0aG91Z2h0LWludGVybmV0LmNvLnVrAAoJEETzOdAfwZJdUdcP/0UGPYA6
t590/qmlSK1DUWzK/pBocZJ+vrLLHqFS3Ql1BoTct8G5GTn59QBIKDnXSfDmKAi5
1E6wDf6qH/kKP7VTPW7k/75Ak20kk4Na18m887yhAfABwb8teWCkjopZUNpExLa1
d0tyFa+anyP05TR8OyIHxMUrT2AkgRc8rgh3Xp48FKxyAa+49XNEtFCDmfn6TmxX
JazMj4zpDt1MBn7j1UAwhWxixIsJQboN7figNq6B3MOeDg+sMlHVRAPJNPJLbKpy
HZqXOM4V9LD9UVXGmBaAaLAhpM3Qm2lOgl5m6B92bUyTCUtvkqivARBLdtfaM4Af
p5BpvOeit5FGJtutESBSeGsw0ixgpERGFUQfnJ5S3vIKoTmyINeCZU1tDi1FpBUc
koqlP/dsThxZRXOk6VHsYxLgplvnekiN0kX+Idk6yoLlKTEYYd1k5aPbqAZ9AmKp
Nvkmj9YVHimhrUUFU8VIyZvizgdmDN/4uqzkYPMqxZ3bvSyfgomfBbFWRjuS8l7v
nH+2sp7Qw9oNQ1ZOZuxo5Fs2HXcq3Es97wqxoLWRYe4++6lN2PaThLTmnNjYINGq
IyAroChtRFNlgfDciGUCmK/54WwlJe7iPfiD7B7mTc/Dd9QMLKxj7y9tJqOFihM0
pg1QVeD5awBWBRZCqrUZARNd6Y7v6BBc0xkA
=o6wM
-----END PGP SIGNATURE-----