A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:security@smarthr.co.jp

Expires: 2026-01-01T00:00:00.000Z

Acknowledgments: https://smarthr.jp/security/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEINRgkMsWgOtbRYBL0j2U3WKXTPkFAmdanQAACgkQ0j2U3WKX
TPlBABAAuRwRqKyr7jGt582UGhSssHPVxzjbyaa/5eICQDrY2Kzfa9uot3SSQW0+
Rt9x5yOI1mhe4e4cEWB+lhhNyq/6Pno9MPxnBeQ8BKGIwvH+UD/eCYgxVFxW/LYJ
0thgDVV6y5bYrNE6kXblpEUA5lGHquBLN1gSdYKFWLZMEtHTqyKUejHLNJXtxRoE
c0rlPOROBDVo3UrDoI+wZ4LCraMVVfel8LBxe9dwEX47CRu77zYOhYiROgRdw3LT
KHEPMhoUn5CVWTjUxzpB1RCSMi2EqHsUyJKcOMnSMelAVA4cjuqtIqlwjqo2mHYs
7omC+wLYZMx4OTLQOv33xhtMotQQm5tuBSKeN2RJabbYnuJ85haWfAexqUvPeqTr
9pBMzoJBVhjUfSVitRD/nHaq/2Lqb5JdFfAQDKUgdpp0q7MOos8X+DTKpWfPbhOW
+1FjdA6U0h1oC2Oacqk4Ugama3mmNnrDT5qdBdrPFKRr3dgEnx/NsLA+1FLXW5By
j+8n8izDiYBorDItzZS56lBnmirSg1/kKBvoh3qqmeJU5nZZlfq266wBcyE9Yq84
Gy4MAzZ8nBK6Oc+W8DIQdVGlBYdG/ZmKSZAlJ9l1b5D5fW4rL6Lw0qNP0w+EKplg
k5unsaTV/J6odr0aEEXlbTrwWVqW59yQPPQ+eeCitS6oAMynLfQ=
=OO1U
-----END PGP SIGNATURE-----