A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# security contact
Contact: mailto:security@hardill.me.uk

# PGP key
Encryption: https://www.hardill.me.uk/secuity.pgp.txt

# Canonical Locations
Canonical: https://www.hardill.me.uk/.well-known/security.txt

# Languages
Preferred-Languages: en

# Expires
Expires: 2022-08-10T12:00:00.000Z
-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEE5+vhGJzyTbEgtcEZ/UT7XHT0IagFAmDMf4YACgkQ/UT7XHT0
Iajpfgv/T135KeKovwoK79F1qyHv4tQJ4dZRWFmJJKw+YQEeoLfspOwLUVTDvIch
qIbInKZKlihLsOATd6CqP5GNliOKOxw1du9/ZgEPBoY7Fx7gbqaC32BfrPEyoAP0
8Ckvvf8UzkUv0zK5uRYQOZdXebjADE1wB4d+WO72Lwo25oWVZCx8isA6aIbae3zz
hjWLcylB5T8kyE7/wRikZFlS3MUzlf1yUpaFoCxrVuE1IJ4hmX5dxNFsIbwqpNS1
aQ4RHQgTGJqANgM4ahvEc69mj8BCznIWOCafDuuD+Ld18OfAQvGr/xkuPVXynrfN
roG5e/hjtQGpu8rXZW0QBH6RZRn7MqSMYfa3t0tKMGn8uMVJUg3SmvY0PGBRHrr/
O5up3J3aeNn9kJ3TYZRHj4/pqeZKVdCK1tUAs0Ix4t3AE27c53jpzC6kGEXRRQ4A
QSXvXc5GKLMBYnc6bSVoYWprxMQpsi3nyt9TcuqzKKjUwPZ3cZ6TpbUBNMflP0G7
ulERj/dY
=rd3i
-----END PGP SIGNATURE-----