A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: https://cert.uio.no/contact
Expires: 2026-12-31T23:00:00.000Z
Encryption: https://cert.uio.no/cert%40uio.no.pub.gpg.asc
Preferred-Languages: en, no, nb, nn
Policy: https://cert.uio.no/vulnerability-disclosure-policy.html
Acknowledgments: https://cert.uio.no/hall-of-fame.html

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEQgFZwYbtuSsZLXHgSYAnQ48IHPkFAmk78UYACgkQSYAnQ48I
HPlUWQf9FeG1SFD9oMHOVWJ0v0dzsypUUnOAwQXcT3Ydz5zcSdO9DUB/JikYpCZo
DjHqCDIGTb/Khu43vSci6qJ+abmUFjjx+Y0SjCwgCIQO+qSSY4LANd3RHcFVYAV6
oCALxfB/D2NJYxISl8k7daXEO6EAHY+iVvSaR9SVbVoVCCj69p8bnJd2sF56dc5c
2nh2e3udPpBVAItx6FNQJB5ypaBxx2NSG5FPnqb+qa9mxjH0Yp9jn+V+5mmYqaJg
ZqzYDvtkoxjiIlEQmVrsS++oPtP5pKAIvpp5r2OWjf9/uDruaCSW/Wi226VGaQti
0qthGnT5tYC2RysI74Nj3S0gMTTxvA==
=CTkw
-----END PGP SIGNATURE-----