A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:security@matthewlyon.net
Encryption: https://matthewlyon.net/.well-known/ProductionPGP.txt.asc
Preferred-Languages: en
Canonical: https://matthewlyon.net/.well-known/security.txt


-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEFeuheS1/6G9RY36J60ZC45ewKfMFAl/bAw8ACgkQ60ZC45ew
KfNbwBAApqBeJztyGXu6BemQ0Ya0WQBkHY8nGJyJP7+sAU33FWehP7l8WvdSz7O9
CSLU3HrOqfCcoHQ2E0Fd8c1yXUXqfetMd7sG2wIBmh/M3YePUnCShBwPTrL2bUPh
+RfXyuBy+S4kKQhaNnmLDWJoxlBK92bgeWkh4EcvVgbfbtCJLQwApHezH03Sfy2F
EgaFnWioUOaviFIlN/IDfTaW+jfFfT+6j40meNm/duNYL6yrcaKiZjH6YWTvcA7o
1J5becfUnFIDV+8Smn/GEbKgInbUR6hX7/YpueeFTVdsrLTK0qCgQ0jfLbAkLmo0
x9zAAUJLTgAUzya+x+CdcV/E0I3t9uVU4sO0bV/GTJtzf6lvO0RT3WMZz0JBX5RR
N+59QCxFuN1IDFB4FvBb5SwFNbIx8M20l6EONbEPo6VrHYRoyor/OMVWyMHr1Eis
+QSbTnE3AcyajH8Fzni1Ym2p4L5qCiQyXWU4DSlTPGvG4gicDnwwgyFayHcLjFHA
iiPC0XhiNTG/rSx6hhNRzH8jDdSRrWej4bI5KEYz7YGM3/3FwRm4q+2TPhpe2yG1
C7rTX2U7d7i0ye51Sn6E75b+MQXgnntgNKQ8rI+y4sFMYyzc0PSWU4ogSTEKTvi+
cgazYX8adHg/+g2u+tsN+Ega7PvoqRhZaMDDa/MQklrlJUIVbm0=
=fpfm
-----END PGP SIGNATURE-----