A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# Our security address
Contact: vulnerability@innogy.cz

# Public key: https://innogy.cz/-/media/Files/security/vulnerability_pubkey.txt
# Fingerprint: 7DE1 80ED 0E1E C1E5 5E81 D63F C8A7 3663 59F0 4674
# User ID: innogy vulnerability <vulnerability@innogy.cz>

#Signed security.txt message: https://innogy.cz/-/media/Files/security/signed_security.txt

# Our security policy (in Czech)
Policy: https://innogy.cz/nahlaseni-zranitelnosti/
# Our security policy ( English)
Policy: https://innogy.cz/en/reporting-security-vulnerability/