A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:security@ovgu.de
Expires: 2026-01-21T23:00:00.000Z
Encryption: https://www.ovgu.de/.well-known/security-pgp.txt
Preferred-Languages: de, en
Canonical: https://www.ovgu.de/.well-known/security.txt

#
# If you have found a security issue, please report it to us at the above address.
# You can encrypt your message with the public key linked above.
#
# We won't respond to "beg bounty" mails ( see https://www.troyhunt.com/beg-bounties/ )
# or to emails send to 'undisclosed recipients' and BCC
#
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQQ3bCHzzW1sPI2MOv/DPIbITKfYDgUCZ5CzNwAKCRDDPIbITKfY
Dn9HAP9Hfxm9+C5iPGZArVT1eIkXmSEgVmCAHOzjvioRipUkOQEAojLv2OmZxdFc
V7gBh88xQdGqPfty/RqRoBnJfcv7Dgg=
=mX85
-----END PGP SIGNATURE-----