A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# See the following links for more information on this file:
#     https://datatracker.ietf.org/doc/html/rfc9116
#     https://securitytxt.org/
Canonical: https://tug.org/.well-known/security.txt
Contact: mailto:tlsecurity@tug.org
Preferred-Languages: en
Expires: 2027-12-31
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEE2PL4YFeoV+QqiBBqTOGHfhlDjHAFAmfPPsMACgkQTOGHfhlD
jHDXeQgAoXSheKHcEG9GIAFERtHKt+v/09Qn1Jsdp57MBoQJGnN+tcl17GORTpUT
OAF64pyqAC0g4ifonBbYY8OtHsY5e5S50z6EBDhXYw7xG4AVJlaIJBfJ5sywX3x4
0y9B3R5fNsfjis8qIXsv2mf/+z5eq7L93s+YtdSv/Ju/AYJupzI7fbmk15Uhj4SB
6tAyTso/hebz83ocGtZH7z6YtyRB35kDcL9v9o/Go9t/RUFfus34aMkyOHIXJ5dN
/jP5zH/w0i72GSh0EaaB2kpDIS3wuXTql16hJkmRWgTO545r1etyK/2z8TVQVyP/
nYFGPYateN1Lch2sFzCFIfJJLe77vA==
=OGdd
-----END PGP SIGNATURE-----