A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

#############################################################################
# AntiSol.Org security.txt File
#############################################################################
#                                                                           
# Security policy: You may probe this machine to a certain extent, but you 
#  should DO NO EVIL: don't pry on or exfiltrate private data, or do anything
#  else that's bad.
#
# Access may be blocked arbitrarily and without warning. If you intend to 
#  look at this machine, you are encouraged to contact me in advance. 
#  As a general guideline, you probably won't be blocked unless you are 
#  noticed.
#  Note that all access to this server is subject to my terms and conditions
#  of service: https://antisol.org/tacos
# 
# I am just an individual and cannot offer monetary bug bounty programs,
#  but I will gladly accept responsible disclosures and acknowledge the
#  reporter publicly.
#
#############################################################################

Canonical: https://antisol.org/.well-known/security.txt
Contact: mailto:sec@antisol.org
Expires: Fri, 31 Dec 9999 23:59:59 +1000
Preferred-Languages: en