A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: hostmaster@hardcorp.org
Encryption: https://hardcorp.org/pgp-key.txt
Preferred-Languages: en
Canonical: https://hardcorp.org/.well-known/security.txt
Expires: Wed, 01 Jan 2031 00:00:00 +0000
-----BEGIN PGP SIGNATURE-----

iQHMBAEBCAA2FiEEzwZ4MZ2SuCWpS5JrVZqqkHf221kFAl/wmYwYHGhvc3RtYXN0
ZXJAaGFyZGNvcnAub3JnAAoJEFWaqpB39ttZT8UL/iGuMR8OB/08UZ3BRKUB4r8+
P/E1hq5RZeYw2i0M+SZ5S+2fPT2IPRwD9WHLEu05AF9CsVo+hOmJS5vYpDdps4mW
T9j77ss4Mwp0p7FoDP2wjaQdL1TNR2Uz6hBt7bypifqkZEofzbmiTCK7mnFwS1Gi
aralkiy86Udf7X3m6sQ/D3qoZj0vJdpPnDLhq8EkRik+kPWGviddQHb4voEq7+jw
FXxejqlIQsGw3o+TuJvyPLHCBv6lgN5CyllDPzgX6v9hZCPtdeHObTi8sffu5HKQ
f+Q5srRtEUyBWRwGZoWx4n3Ro9sIHfxGCXn4KjwFXM5smcPsFI/mANli3yQvTIhb
vMle9USTuKPtGK0efI42dl+KyJFcmf3jwO59pSeXO+qif+n/2aj4RJQbRIRk3uSA
YQCdJCewzMvo/EK72Y+pphTFtQza4Yz2IluF0q+NyZ3WKIJoPV0NYE3bZATrRdPk
+5HJiHoSLVD/EnS2+XqMBscGdTM1GLoSPkDxIfsEhQ==
=BcS7
-----END PGP SIGNATURE-----