A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# My personal email, I'm a one man team
Contact: mailto:ButteredCats@protonmail.com

# Attempting to access security.txt from this site's subdomains will redirect to https://catsarch.com/.well-known/security.txt
Canonical: https://catsarch.com/.well-known/security.txt

# My PGP key, used to sign this file and that I'll use to communicate over email
Encryption: https://keys.openpgp.org/vks/v1/by-fingerprint/ADAC5824F7204B55E40ADA04FF37BE4FDDB74419

Expires: 2025-12-10T12:00:00.000Z
Preferred-Languages: en
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQStrFgk9yBLVeQK2gT/N75P3bdEGQUCZ1jX3gAKCRD/N75P3bdE
GYv4AP9nMOSVGXWqXFzen/UnpJjAiwf7dTHeFCMc0IALkk/NPwD7BH2r4s3dRcDh
Ojpb/NizslUweRVPepjz5Zx4BanvZAw=
=QY8h
-----END PGP SIGNATURE-----