A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.
# If you would like to report a security issue, please use encryption. Contact: mailto: firstname.lastname@example.org # You can download the key from one of the following sources: (also available over IPFS) # Alternatively you can contact me via keybase chat or the GPG key at https://keybase.io/bghost Encryption: https://bghost.xyz/E52DA31E0E6C3C2145D84B5D1E344A8136AE8998.asc Encryption: http://bghostxkr6vgb3od.onion/E52DA31E0E6C3C2145D84B5D1E344A8136AE8998.asc Encryption: http://bghostehijl6vkda6vobbznx5s5tjkzsaqodr2lhw2qq7hov7zojygad.onion/E52DA31E0E6C3C2145D84B5D1E344A8136AE8998.asc
This policy crawled by Onyphe on the 2021-04-06 is sorted as securitytxt.