A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

Canonical: https://sorafonts.eu.org/.well-known/security.txt
Contact: https://simplex.chat/contact#/?v=2-4&smp=smp%3A%2F%2F1OwYGt-yqOfe2IyVHhxz3ohqo3aCCMjtB-8wn4X_aoY%3D%40smp11.simplex.im%2FF9ArCYa3BfNJKU1Yy6L-FfMIA3wDP4yK%23%2F%3Fv%3D1-2%26dh%3DMCowBQYDK2VuAyEAhFOtzRkq6L2Avtz1Qtpnp5FjXuI9_KAL5vRbHYUzw2g%253D%26srv%3D6ioorbm6i3yxmuoezrhjk6f6qgkc4syabh7m3so74xunb5nzr4pwgfqd.onion
Expires: 2027-01-01T00:00:00Z
Preferred-Languages: bn, en
Security: Izumi Sena Sora (Security Manager)
Signature: https://sorafonts.eu.org/.well-known/security.txt.sig