A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Our security address
Contact: mailto:security@harvestdp.com
# Our OpenPGP key
Encryption: https://harvestdp.com/security-research/pgp-key.txt
# Our security policy
Policy: https://harvestdp.com/security-research-policy
# Preferred languages
Preferred-Languages: en

-----BEGIN PGP SIGNATURE-----

iQFLBAEBCAA1FiEEt4JLwu2orT+HjEQSa1ITO/0oB8kFAl8VMpkXHHNlY3VyaXR5
QGhhcnZlc3RkcC5jb20ACgkQa1ITO/0oB8mJwggAy/9JjHdWHzP1mjXV9twiW/vl
7Z6IwYxtfldm3yksz6oHQeHFphpzgfRi3bgmJQBcqPpTYxIFsL3STYQQk2UY36Wb
qfW1aTkIsBegW3Y7HLFki1SfB2ms+z2+VYJPMI6GyQQxexnmqj3FrdI90lNYSFEf
bAfpLYuxEEAo50pKC5fQCV/HPzCCZl5XhxKZCksUOnjdsOlvnnNqShLAuKhJepCm
JZ/7nsfVswwpwc1nL9xRsjff4bL2BzNDCLd9oL5LL/w4WQBqc2497KxmmqaqtaKQ
xk+tTsofHONg/PPVl+5ll3cGLZ4CgRB1NBCG9zBVDMRbz7i9IuEJ1NeSDfNXqg==
=gRCE
-----END PGP SIGNATURE-----