A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Contact: amd@pd-house.info
Contact: amd@gitlab.7f.dk
Encryption: https://w.7f.dk/well-known/amd-gpg-key.txt
Acknowledgments: https://w.7f.dk/.well-known/ack.html
Preferred-Languages: en, dk
Canonical: https://w.7f.dk/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQQDGN2afHuqxwhRF1xFpC5mPq2u4gUCX3TdmgAKCRBFpC5mPq2u
4rQvAKCI36aDZ+w+6eWbfoDnzvZdPCBRNwCdHvR5BXh8j4cI5llZlnBPELXQ6z8=
=F2N5
-----END PGP SIGNATURE-----