A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:vulnerabilities@avira.com
Encryption: https://avira.com/.well-known/vulnerabilities.pub.txt
Preferred-Languages: en, de
Canonical: https://avira.com/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEEV8evVGCn/TGz+JqfWmHBzptW+AFAl6HCtEACgkQfWmHBzpt
W+BIVA//XfSbdSYtcNgUNjpmTueRpF9OROJES/hAuyPYCjPn2PvjgeQweUdHbEB/
gJoqAsftvRB3Ta39CFV+l6HMHRdhcwN5A1Ghi34NZy0KCIbWmCmz7Nd1jJ5qV1pM
9m+nqAMy4Kr2nK0VKvkXFZYF1HIPlzAiFqmpvYT/K12tkUVSMF2cTgerE4wnznf1
QNIwpMi93ihJKi7w3597v1vIlQN+jCGUE4R2oUgqoA4NeVETiFH9DxL8NBpYIMxn
vaELYFkq8APvKzn32zsM2icGfgi+zl2HcxH/It2r0oCRBDeECfv8SORwgS8HuLXd
FAyZrlOWATLlN/jacCBD1v/elHGGvUvZ9o3mIGvTwuEC6noWxUawfIokXxAc3D++
Ss3e3a3nP0bjpoZ9fGv7V164dSly/d41KnrnYAhFMP0cpVall8f4vfG1tDahpmDb
DlAXuViiopYUBGtrONOaPGzZQJsD8uwXBKgHREKvpAP4rjeufQBpQFvCtJvVkyqM
GPuOewpQy6ZWtc1bhbUVcINUseYpzoVOHD5htjnODy11b6CeKMrhmiNkZLplIY/8
U+yUw2TGhIZr5pDBIOU12OOUFaY9JiXz3GK0Ih7LSWBXKheeyJtayRqXu18Azzse
d87173Sp42nbkTj4i8mGqNABpEbQWuME7l1kFjTiMAF8/7gFGPM=
=M7Z+
-----END PGP SIGNATURE-----