A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# Security address and disclosure instructions
# Start the subject line with the word SAFEGUARD - this is necessary as we have a filter set up specifically for this. 
# We do NOT reward for disclosures sorry, we are a very small business.
# Please bear this in mind if you plan to disclose any vulnerabilities to us.
Contact: mailto:vchellgren@gmail.com

# Language
Preferred-Languages: en

# Expiry date in RFC 5322 format
Expires: Wed, March 16 2022 22:00:00 -0500

# Last updated on Wed, July 26 2021 06:00:00 -0500