A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:sam@samedwards.ca
Encryption: https://samedwards.ca/pgp-key.txt
Preferred-Languages: en
Canonical: https://samedwards.ca/.well-known/security.txt

# Hello!
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEElnbpTUgOx9kAquGOfkVXbj0AzWQFAlx0Tb8ACgkQfkVXbj0A
zWQGPA//dxssmKT3hDWarIBQg9LkzoV8ExhL9/KnoLbQyqjdwMMQ40ogTCeb/SZW
d8/xm4gmDlQQnCXHJ6h4Q0d/i3RMriTaoKKTsakwQWrUSv8MzGhYqiHuFLKdVDYR
AMfB1SzxuMHXNym1ZOvF+TCD4ULJvLJK2sypdDAUbmdNh6iwGw7cI4tHtAXUdef8
H6wdWqq9+5rOP5PsuAx86CQiHttuBaux5FbsU1Z9gXYE9G7xErBaC48fdPZokdYD
DYMSJl6ciIBH7VBFr8oNJsPZvaN/C0eTik8Upp3UrObJqAkejtCEm+BJXPPda5bk
s1vIoiKp4S43lRyEwOoWdTYWbdUszTFQWOhqHJL89S9GZi1AqAjXLby8rJQAHXjQ
5JhG+c9fDK6RF3UKk3HVcMqzYB82kr/7XHORgN8ffKQENsSQsxvqXauasEvjMpyF
NsTQHUugk3qxW7mqAmhSCLi/0592QUpT7PU6yPvuICl37aVECNKya67A1rRjBIZG
M6YstkvS++tzYdn+2MRfVc7cUVColPYlrh2a42xvAsm9Zv6wXNZr5cNkxSfsdbbc
ivGrGeJBJcpauUwYwc2huHvkkI9YhcK6IZlwU+FD07Xu/EW+WkzJE/ByJJugRtc3
j/ak4qLLqcKtPr9c+ddQ4NXP6jv22t3fVQa42q3elckWl/eEQaE=
=NzEm
-----END PGP SIGNATURE-----