A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:admin@purelinux.de
Contact: mailto:abuse@purelinux.de
Expires: 2099-12-31T22:59:00.000Z
Encryption: https://keys.openpgp.org/search?q=144BE5B367347B8260D6D023DB24801DB9EFECF5
Encryption: https://storage.purelinux.de/public/pgp/purelinux_pub.asc
Preferred-Languages: de, en
Canonical: https://www.purelinux.de/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQTYeTG8kxCKAhkZoBUI6qc2w0j2cAUCZf8JWgAKCRAI6qc2w0j2
cCw5AQCHn435Wqjf3j/458ZAggcQ+8RnChBDEk5S+6XGaeYwtAD/Xu+tDTuDCsts
ByoiCArrCNOdf6mdJcJ5K5rzr0S1hQM=
=VskI
-----END PGP SIGNATURE-----