A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: security@neatnik.net
Encryption: https://neatnik.net/adam/pgp-key.txt
Preferred-Languages: en
Canonical: https://neatnik.net/.well-known/security.txt

-----BEGIN PGP SIGNATURE-----
Version: Keybase OpenPGP v2.1.3
Comment: https://keybase.io/crypto

wsBcBAABCgAGBQJdj3vlAAoJEHEl8oJR+eLhIj0IAJYpXamojtFyPxzxsR27q4vU
E9e2At8nCm88qhZjeucU8lpbZYukR0hZLaPM9NKF5Vy4+1hN0XzKB17IzN0ga4dj
zr4Z3AqQCcITwseWtiPPGRX/bfROSlrbgrm9nxkCc7dKvL4aT6glpFwOrGIkTtj1
Re8r67DYFuRU5I3Od2emobqSl0dBtKgSsrcE7mtRik8/FRo2mgKuzs4Leb/sEf8i
fSb8LJPc9zd1NfzZPP0kxFzHLY1QJ5ekoEmpXp8dXFCibEE/RTk5AFQ4iq2DPlI9
UNdGqwwwXEJFeEyjim6I6d67+c5aegGG/s852ND3lOpHBvV/1yy1uvXq4o26GP4=
=pDDp
-----END PGP SIGNATURE-----