A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Security? What do you mean? This website is obscure, so it must be secure!

# If you do find anything, just email me at:
Contact: mailto:security@molzy.com

# OpenPGP key is located at
Encryption: https://molzy.com/key.asc

# This file was last modified in January 2021, and is located at
Canonical: https://molzy.com/.well-known/security.txt

Expires: Sat, 01 Jan 2022 00:00:00 +0000
-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEE3tifPSQ61rSRlcAYJNomlw2NQZAFAl/vu/sQHHNpbW9uQG1v
bHp5LmNvbQAKCRAk2iaXDY1BkIGxEACK84x4RvimBr0zB5ALucXYUMZ4KrTAFBGS
teXM1l1YMDvxHgvDQawsQH9hPJlBJAaAbDXn1sPNrUFD6KxmcNcrjRqWEakwi3PF
TM8w9gehuW4YSF3XLiWpUg5mPs2t9Mlnqk1Ec9n79z829IfZ5hMwLt3KYdpB8A5W
AwQyHIzLYaTKR+pEB/gATqpLaLpNHpeKsWhWcQbqvhAeP6XUVonrRxc5/9zflb7s
pJRKamxoMAi76YCYIQ+azs5P3/jVX6AlNrZQORSKDoLmcTgdxegKpjK1Kr8K+2yq
lTKqYtSIf57NtinlcsJA+nmL7BWGNpYKReqUnSIJDoCN6sl+opQ8w6zbG64qjR0s
HseIZmxaJJ7VAgOUGsZBShu5urYknZ3c3cqPtQgute54xKoO4Rgc3R7d93YHEEfe
L9zMTE5kprp6RD/7U5jBRs3Y4D5lD9nKJQ240LMf4i+dXgwC2X0RGmRPuhKe0yd1
JCcJ1blmYEq4zaHfuoTg2qbVdez4lvaptLoJttDK0Yf7THSJrB4nIaNeIl248WKs
tK02DUjhJnrE5cOPW668Q4k7wc6pJGdpvHML9MZ26StX7h+8f9NLdCW07qs5aGkI
LQdHE8K6T9PT9iLvzyiC+kW6C4UqlzpttnEi31dkqFW7SHRcTv4ymIw6YuPmcCMR
3rxziqjSHA==
=N4Xj
-----END PGP SIGNATURE-----