A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:security@flowcrypt.com
Encryption: https://flowcrypt.com/pub/security@flowcrypt.com?show=pubkey
Preferred-Languages: English
Canonical: https://flowcrypt.com/.well-known/security.txt
Policy: https://flowcrypt.com/docs/technical/bug-bounty.html

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEigMLq0LK2X/yaqJeKD3dmnetavIFAl+Qdr4ACgkQKD3dmnet
avJOrBAAgxm/NYTfahoxWg0Qeg40MCE0PyjJAsMVHkYmcTPorDItzPIPRAj40mPB
WRJx6v3KIKwxA1bKGYXqXLT+wivtl2sy9oNNkBp8n4p/72fmDHvQOTIBEs9025wO
ygeJpjCANISmGukTo4fnrw4CTuexHQTzVpCqmCnr/QMRXtVQutEA8viBbmU2rEw8
sOnRdKBSxH0XrDAdYWSOnHTYP1GxSsjIEIqWwmdPx5GSg/2Pm60Gt9WMPeq+1ee3
4kb13LFPNgbYCFZHGErsKZ5FufoCKneYLp1ONMNcg/CAaJTysDcPjkdgRSVcXt2c
FNXfywMzYSk420S6c49K2v41LULDIKbZTOJVTlDUBbRClva+wyFrRHzAB4sdSZSz
CAQMZLBzaLV7Q9PevVAconm0d0LXhvTfU3W2VdRq+kS9Ld9vo42XUAGHhy2w3eUw
oM7ZOu7Z+FpsXIrQRRhNOr4X2EJb4vJg0oDQ9PGm+j6Df4RA1Ulxih7ox0+3E9+C
B6UMQYy801l+jeZ1zLgo+92G4NstgqhB3pLKt9MIbF8wfei3TDFhqS0f+3Uomqot
vV13UbXqyEKah3Jtm2trfpJTRps6sw1OWleMckMiCPTlL9IhixmIOxHw5s4hZrdF
2M0LvbX8CYZ69EwKym9reCn3X6BhX1+qmQQk/vJfrbzXO5iw3LY=
=RKDh
-----END PGP SIGNATURE-----