A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# This is a website used to host CTF (Capture The Flag) challenges, so
# many subdomains have vulnerabilities for gaming purposes.
# However if you think you've found something serious about our
# infrastructure (e.g. Sandbox escaping, Server Misconfigs, DOS, RCE on
# some important files or, in general, anything that seems unintended to you) 
# please contact us ASAP at the following addresses.
# 
# We will be grateful to you :D
Contact: jacopotediosi@gmail.com
Contact: franco_marino@outlook.it
Preferred-Languages: en, it