A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: https://bvp.me/about
Expires: 2024-01-15T18:00:00.000Z
Preferred-Languages: en
Canonical: https://bvp.me/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEbnU3wNP7QFJsnxG/Mc34mOmPMH0FAmPIiswACgkQMc34mOmP
MH2PYRAA3I+NHYAn8I8m2CGJKS+zz4NG16353ffxK/dg5sw/gS8WQjWi0npAkjH7
d5rEgUVnOTKxRNOkSL6bKs/C8FpKtO381YctXo6FO3LblhQ3dFyN8ym1fRo1eCAU
tUVsR1KEYzbJb52dEYrleRE0OTVdPcPfu/VXmYQyMr57rmSs65o3mlhqaStDSZxr
TOeCkwsvNqJyBlG1oEk2Ro6PEsuEEufObLdzCQSKrxma2Pzo8FOj2oyDpkMo4ABd
GnKo14vFpBhtDt8gmJS2fQnMN9Wzx4I00feWLlSgQJ0nJiUcb8UiVsWaDF9Pg29M
c9iQaMEZ/TZTll4JIxSDJ1afk3L5C/mDcVt1yEcTdd7tB4/gJANfr68lUg4naL8D
1lanB8c4P2q6WZZGe2DvCxOQ2pDrQfiPZnFZAR/rPjjk510XV6Dwz+RJdriTRbXF
wHAK2wILpZJFLB821QxvNfsMsyrp00LA/D2wk5vFR7gIDIFaS7rFDg+ugn3m6fWb
u80h/D0Nsy7XA4bTRRBF6ucUHihq6hitjHghj+15yKB4RVpOuRFVTXf/P88hm01I
eAkmpuum1fAKS9Ng6S0SulztLM7Axvau08Z4lhUDPVultL/XT1JhMy7PO3MV05/s
vpXjXqPBxux3YGWPi0Ok9BoXXWAbyLbKKJNV5fUaqDb4ZzKy1ZE=
=zPFh
-----END PGP SIGNATURE-----