A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# In case you have discovered a vulnerability in one of our systems
# we kindly ask you to report it to the following email address.
#
# We will forward your request to the appropriate organizational unit.

Contact: mailto:soc@insel.ch
Expires: 2025-10-31T00:00:00.000Z
Preferred-Languages: de, en
Canonical: https://inselgruppe.ch/.well-known/security.txt

# Key for validating the content of this file:
# https://inselgruppe.ch/.well-known/gpg-key.txt
-----BEGIN PGP SIGNATURE-----

iQJKBAEBCgA0FiEEPBWiEU5f9tPbgMeQ3Kk8xsefoLIFAmdEl8UWHHdlYnNvbHV0
aW9uc0BpbnNlbC5jaAAKCRDcqTzGx5+gslEJD/9pjRIW863x59GDW0s9VrnRJ1EY
EmSJs1LIIecl7628D1jrAuPeBsPUICojgykXxx3ZtP3cbKMoOQj5mn/fLZmrocm8
G0Vpugg4YtvXLMwdnXVbJTDxy/LqrZI428N7mwMCkL55ktZyxkum4xmJfOGApwbL
RwBYhe/VUW3/Mpunyy7fkLHRKpyXs71KJw5aaYQ4S0NOPEPM80YmfvG4x5noEYpy
t9MeRpWy9tOApxVKsJo8aLkiVRQOa7tJur76QSFkX9a+9aRLvIhTwiJmmKw3FxGA
t2FahdXJ6YBb+ghkCwCtRh951zGNb27LsXEUxFbYCpjEkAgQXAgUXYxRLmaC+Pfy
ZTLpC5PBY8Od5VIM/zrXFaMM6Vm1R/o6KlFQHTZDJZtGjaZKTwbULxkwGmUNI3N+
d3qwRrAcOF07RmzXG5SeuGpCHCB37sDkLOZDUnnklF7NicwEebuvZqeWJ3/Vm0TD
0e056qj/caNd9UU+5ULzPEyrY6ui71aLMdnf59CnYzbjm0bOv21bs7B2q7TK6pi3
ESsLmq3gXMwfYxYMxPOtd6jCP5ZjdMsNT7jL6j+AHFsmDYQf2PsgEtV9Oxf/KOFY
Xtkwmjy4FsjjBUSEkrUm+MbWeEYyPi8kErCcWOMkaFXTEI58+37Ajp/2pJLODQeI
HQ8mm6g6lLq6wHlp2A==
=QAPx
-----END PGP SIGNATURE-----