A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: security@tide.co
Expires: Fri, 31 Dec 2021 23:59 +0100
Encryption: https://www.tide.co/.well-known/pgp-key.txt
Preferred-Languages: en
Canonical: https://www.tide.co/.well-known/security.txt
Hiring: https://www.tide.co/careers
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEPLd7yiZmTE6fs8IUBQBP81wD+lYFAmBsncoACgkQBQBP81wD
+lYnIxAAwTDd9rlXP5XRDt4jW2rz2SG81ND6PZnGRV/5vrub1mw/VdUZuW8Ciy3y
gnmkKzgtXyIdJcp4MBq3hMGiWOYTuSoCJWcMuMaVrFyp5MAbqeFeF+HTE5XmZbrp
URFpqhyUr0kBinlqlPPMB2a1SQK/87d+YYQ6lC36SsB9TZFQGHVJkfrxncIgChRa
lTNyZEkTZCPSHFfa0ZiVmL26mncJviPok474RIUJ9P6Iy8JYs7hQX3AVmP8PFhrS
3TMb4mFWB99Ab5A7tapCy+3X2aQVZEFmIK9qbTfh98Yb1v4IE7/5mxppNMDALTTL
tES3pCvu3ALPOVMYKZrtB27nZqensExbiCYfd0YNnFJ/ufisOwIlcQWFCTweYfU9
h00+MXxuLThGZfD1/VbG8GxLxjrPHlJ+CrXG8ad9yYkcH5+hkKz7Cx0awbyWkmnW
ZNG77N1kTwsLmgbcrWLxlAbNMyeqiXKnY8NyS3o+xItZ/mC1LzVCSJdZCzaxAJAg
kTONHorRk02QjUmc2cQf8gF8gh1qB7cQmavbiRVwYj/SnRkTXLkODt12xafuSZns
ucDZoJwdURs6f4WLC3SUSPKEyle1V6oYQJC5D1Q9bUlUN2vrYS4IyUeEm2iC1U9h
8AIykkosq8GltrY7j/JJvyT62ltoh6vUOpCp3KDsPIYvMEkBevw=
=hVoP
-----END PGP SIGNATURE-----