A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Conforms to IETF RFC 9116

Contact: mailto:janphilip@bernius.net

# OpenPGP key
Encryption: https://janphilip.bernius.net/0x58C7ABD4.asc
Encryption: dns:23d5f42604ae0d4aca140773be27156c22113d076cf2e702fb5fd522._openpgpkey.bernius.net?type=OPENPGPKEY
Encryption: openpgp4fpr:1BF40D68871493F104AC338709F1850D58C7ABD4

# S/MIME certificate
Encryption: https://janphilip.bernius.net/3D0EDBA6916F2EA2C0CEF0D16F39C242.pem
Encryption: dns:23d5f42604ae0d4aca140773be27156c22113d076cf2e702fb5fd522._smimecert.bernius.net?type=SMIMEA

Preferred-Languages: en,de

Canonical: https://www.janphilip.bernius.net/.well-known/security.txt
Canonical: https://janphilip.bernius.net/.well-known/security.txt
Canonical: https://www.janphilip-bernius.de/.well-known/security.txt
Canonical: https://janphilip-bernius.de/.well-known/security.txt
Canonical: https://jpbernius.com/.well-known/security.txt

Expires: 2024-12-31T23:59:59.000Z
-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQTIhe3lwLs+DlRAT9bB4WT2GWe/3gUCZjP0vAAKCRDB4WT2GWe/
3tNdAPsEgRc/P+MLFoBSxuynXcxbexsK+ZZefMjEVZ8s8V0IDAEAipdLm4mpd2OU
KeiFkbNLRvRl1oBVuDpbjSzRg9NEcQg=
=nxuC
-----END PGP SIGNATURE-----