A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:security@omr.com
Encryption: https://omr.com/pgp-key.txt
Preferred-Languages: en, de
Canonical: https://omr.com/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEEwG4zi8fB9G2+kmkh1T/4TpGWPcFAl9pvccACgkQh1T/4TpG
WPdkRA/7BrmtsRpHniOZ4OvR4RLuaEM63AEjdg7El9QQ2HQkc7xH/E6Ni5XE2HOL
52jc6AU2qo8f7u+pmFN0nnXqLL6kGqLeZ8pQvCTk3a93AU/w+/2RVD2JSCdFRsCk
j4kX13PfUvTKBOhGPet+bHjkNuUjUlwztMJkETIf5sF1LdWV+vOSHQFw3VXK7Uzj
WIr+2cPe2ojvTBhGKp1MnsYgFCI0Uhmy1VTru9okZB+Ny1mEfEW/rGKMGfbZeeME
oQX5cUkfKmG/IjLywuzDem7JLm/BXPBP/znvt4ofEWhUBoGF1a3oscf34NCMPzPu
W+LGmCpeLjfbfgrOjfN5lxCAHa7MgR8kr28ZiNKf2hZ2lH9fpZolTzeWOwuCfGUL
paMnKsOXsOzM0r2AbVpq5Dx72/Kn8uaZ63WizCg7PIwf11u6aBErUsxB5L4nMGdk
bfq55hmG2M/YVfqUUdbzDioicYPvdphiOldK+MSIY7IQ/wbV1zUtAGE073z6flm4
HhbTWfWSDQ1ANeoaCtT5w7Z/R+lXzngW6OQIwmXsAKLr5E0rAJY0DqBtO/2p1bc/
Xe7ggFCH8a82tREhJA19Aw+/2ZMHrLQL92lobh9wtLwYb+i39RwPnv8uDAnt0oV0
y+ehmSolaTt3UlbNPa7C2MeUfI3KL6QTBOMsW0Hib0qx+1eJ8J8=
=xHuk
-----END PGP SIGNATURE-----