A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# ShootProof - Reporting security vulnerabilities to ShootProof

# Please report any security vulnerabilities to us via the contact method below.
# Please do not include any sensitive information in your initial message. You may use the public key provided below to initiate secure communication with our security team.

Policy: https://www.shootproof.com/security-disclosure-policy

Contact: mailto:security@shootproof.com

Encryption: https://www.shootproof.com/pgp-key.txt

Preferred-Languages: en

Canonical: https://www.shootproof.com/.well-known/security.txt

# Please see https://securitytxt.org/ for details of the specification of this file

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQRtKe27LnqK8+bWSsEsTpg2ewXHXgUCYg15zgAKCRAsTpg2ewXH
XhM9AQC1lcrusJUel0KBfxfWGujx1z489PmAOZfhBxLaeE+1AwD8CG8l/PVDK2Jo
m7tZMd/nlDu/HTlq1uIQrfxqGqd1bgY=
=W36U
-----END PGP SIGNATURE-----