A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:csec-reports+bugbounty@scu.edu.au
Expires: 2027-11-01T23:59:00.000Z
Encryption: openpgp4fpr:89d45a4493c260f5725dce8b915b8d96944935ce
Preferred-Languages: en
Canonical: https://www.scu.edu.au/.well-known/security.txt
Canonical: https://www.scu.edu.au/security.txt
OpenBugBounty: https://openbugbounty.org/bugbounty/scu-cybersec/
-----BEGIN PGP SIGNATURE-----

iI4EARYIADYWIQSJ1FpEk8Jg9XJdzouRW42WlEk1zgUCZymLgRgcY3NlYy1yZXBv
cnRzQHNjdS5lZHUuYXUACgkQkVuNlpRJNc5MvwEA5MuU/AcWd7qzDQ3OXCmikA7k
41M+DuqyIA9F3/wLAdEBAKsjeh90H4wXrUzzRzxOjmdzPzxRoCdBfJNXisJj1pUL
=DOzS
-----END PGP SIGNATURE-----