A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:security@fg.cz
Encryption: https://www.fg.cz/pgp.asc
Preferred-Languages: cs, en
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEk1w7GXP88+r8MT9j4+rDkrsm6tQFAl4S6g8ACgkQ4+rDkrsm
6tQfeRAAk9RrPF7dUb5Rz9qVNrfvw8LXeXoWMd07LD143QyG+zLd6lBOI2E/zI3U
gFMo/PDDtQUbMTGnFtBKwnV16aQWEuWEQ/pRiVGtqJVOlANgR0vQMqCIko0CF+AV
LqkLztQRykG+EKzA+elB/vMrCEPimXcuCXoj3922T8EcJDEDh1srjm3ZEUtxXkq/
EzQQ0aYm4dGK+GhBQDXZy+m8/4wpGb2cLSn/jrHpQnR4klkPEfx020NfmFv+y7P1
x69hqEoVgWoDYXAcf01TlYrUO6j/wIzWkMyaQ7PSthXYDWmJKOhnJIwzUrrbRqXp
wgbprsHDlwQLiR1zyAh5kxGLzhiH9eoFtqVGnzGnz+VxtgBM9HFIAZHcxoAZ6eEn
zs57J3UUlfgeZ6xn7uQPNi1zX/Z2b3PPZjNvM1cNY88MvimT1Pi+K4rcm1imO5GR
V1YMaKeDPm+gW+kkpetdFJZxDC/+ZrWOSJ9hdlbJzdfC1E5kjMEVshoPolj3GOGH
4Dimcv3lN824PbaPIF8l6kQw4DUdSrEG/kVzMkiJEboMDZRSjEAhVZh4Hg8eQwNm
o8g5USj1dZFvFedvT+x6aTdcADuQ7x+k7rMVs0BUdn63canjprNm7ngkqptMniVx
452xQo8bphIZwQ+4nE+4rDXsN0fWUVZ098elBGWpLKXC/BE8Gkw=
=b3y/
-----END PGP SIGNATURE-----