A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# Our security team
Contact: security@threerings.org.uk

# Our PGP/GPG public key (both should match)
Encryption: https://www.threerings.org.uk/.well-known/security.gpg.asc
Encryption: https://www.3r.org.uk/.well-known/security.gpg.asc

# Signature for this file (both should match)
Signature: https://www.threerings.org.uk/.well-known/security.txt.asc
Signature: https://www.3r.org.uk/.well-known/security.txt.asc

# If you've found a security issue in threerings.org.uk or 3r.org.uk, please contact us on
# security@threerings.org.uk (optionally encrypting your message using the provided key).
# As a non-profit voluntary organisation providing services exclusively to charities we're
# normally unable to pay bounties, but might be able to offer swag, public acknowledgement,
# or charitable donations as thanks for the ethical disclosure of vulnerabilities.