A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# If you find any security issues with any of our products please contact us using the given email address and PGP key.
Contact: mailto:security@luca-app.de
Encryption: https://www.luca-app.de/.well-known/pgp-key.asc
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEESCS9XGyNJ1YasIy1Ax3WxGr9CEsFAmBOJDgACgkQAx3WxGr9
CEtXQQ/6A9LXDt2DC1DpkKy+zuzsdIx8Lk7cyBjPFZD0P5Mv7dV8irdoysjf9X31
qXwIMyd35cWolFeRhCrQpH39o3aQAGm8QNgJuPuo+1Nuafy3W8cczSjx3KaFins2
08MyScYzn4BiJRpkuMG3o3/DRyyc8aSIWXGz6IlFdj+CUSO92k6MzS0u8+j2MYvn
CTZUut2D6Y0h2DpMizHAUr1xZ2Cvc7qv5anrkYDvnm3YscpOTDeHDCzpC5QuEVsx
Zi+AripY8dwc0NgX5YojsRUET1bMWKL+TF/9qP51xkrMPtw9jnfIGru5RsQvZXjW
vFUZ5fp38+blYXcEnLc0pIuvEY8QQItCh5RvbXxwy90v56bgGnsxhGIoPINYXQdN
r5wZSKluGnKrQloR+LbGPnOQtItjg0oTZ8EXsPX9seb6BjNJta0sbZPEqPQ50it0
MLYXAv5XzopwtceSA3fzXO54K5S6qtPWBd53I7TobLsPJc2mtrzPPI2h0X5XmUL3
Ablysygi/VlFf2NeSI6evsdksav+VnFkEdl6bhPmEHexDw38QUDQc196S9Jb+E37
X9mJsqoa8AYI4sEoi8n6us/FaUvrcUzZsxYychRry5NENXcrnWUDoRNcznignOMq
4EmDDGuv6x+Kad4J2NHtav92u9wEsz2XvEOxFvcnP/U9SSRGYic=
=Chzw
-----END PGP SIGNATURE-----