A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:tedk@ted.do
Preferred-Languages: en

Encryption: https://ted.do/.well-known/pgp-tedk.txt
Canonical: https://ted.do/.well-known/security.txt

Expires: 2025-12-31T23:59:59.999Z
-----BEGIN PGP SIGNATURE-----

iQHABAEBCgAqFiEExsOvqpJyQhaC2w7V9TWUvxpBqM4FAmdlZ28MHHRlZGtAdGVk
LmRvAAoJEPU1lL8aQajO7WoMAIUzAFJ/KQcvyTIMr5pJ49Hx7YjBFzEGzzL69+QB
ELmcICzKDRkRWTwEYYeMUDDE1T2rr2+zg49tq156AIUiWaiWDOaknvLG7VjcUuzw
LP01kIvSuKeIsDV+c6bWZCe1OkwwRI9KqriuOn6DF1ieL+n0LSiQ5zFBK6q2gxv3
r2BFuy+Z8GGpj5g8KvLh/CCpN1poCyvA+EXxCjaQ1trqL7OP62DouYolxVcNRto/
PYwv2X69pZxJIj0C66N/6Ta+FaelkZHoXtpaNrhcb7k9EnozSY8lNI+1D4TNvawk
thQ+mcovQgdrMH/CbpyuzoEYuVbXpSZRHlejhzPsMxJnV0tTGyTn2aDdkOEfU+UX
K5IGyJJBTqwimGtEpfIIpadgCskP3D4R1d1Q8DCvZcUvsDyDaLbouFYEhktYd9bm
NOm/nitsyAbwV3PhEH/HVkqatNZ7habM2tZYiBbW3uV2x8bX7gZbwblp9KGRthLM
nFjOt44d+RvRIUgp4oLlW0Jjvw==
=NU7J
-----END PGP SIGNATURE-----