A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:matt@domsch.com
Encryption: https://domsch.com/8E2D8B9B.pub.txt
Preferred-Languages: en
Canonical: https://domsch.com/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEUc3VEWOk+TkwNXO/3tn7nNHjOT0FAl+POwkACgkQ3tn7nNHj
OT2g6w//dfA+XZR8h16K9uiS2lB/UZ6WOX4EzefxAYsr8o3GT88uOMuGaYgy/rOT
18t9MWeDOtKorLb3+nTT9deXYSFIta9TmtfCSizAhD5fDtIWhhkDjf7V/39ErHrv
Ro0USgwLvQtRzkE8r5mXQfG/xAd3ue1XKtrhJvycGUCGiteF9WIwQPzw+Ij6ejIf
5flBazWvF3Fxtn1zVo314XASDxWUIHgw1tFb0Pnych8/lDnIn5TKzmfc2/jTNUtv
1+rk2Yu8XNIcg3uaAviwhmuDEk29oAXFbkD2HFGMGgOyXyzj7veT11jQFUvR5tqV
o6QSANWOpOltnED1zu7ULGw4oMYX+9o8sSM4Htmk46sEcOdk0bkoJ7FFUS+Fm8TU
oIKzEEaO7LOGZU5kwCVnGbRZ+3XsH8+JVzghQPfGftlxJ48aRFV/iVXRgL3Uy4Ip
CrLszFQYb/VQp357lhE7IOZFfVugvYf8ZwbzxGE+2X9cupY1+e7l7WA9TmvfKVQT
vT02NacDrQ9ZWhLSbofCDbkxrnYy7/zchZRL8RsdxV1uGFbhCB90IMvC7R0HLJ0q
mv3m+DduQT1KVEx89tQg7Tjd4hljHx488iUJS8h9hAbNzJwFPtoX2POpZUYwk7xH
BEocN1jBlHRy3UYDcTpBnJQ67LnFr/M1L+OVraApoHCVa1pMjZ0=
=iLYk
-----END PGP SIGNATURE-----