A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:security@spritmonitor.de
Encryption: https://www.spritmonitor.de/publickey.asc
Preferred-Languages: en,de
Canonical: https://www.spritmonitor.de/.well-known/security.txt
Expires: Sat, 31 Dec 2022 23:59:59 +0100
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEGOy/ma0oBg9MdOmA4bwbnMnsjdYFAl/DrS0ACgkQ4bwbnMns
jdYSuA//a1VQYXxLYO9/g26h4Si7wEHOacc5fJix7C59p0ZiBnEoDpnAJDwiYC5N
EqzKi0UTUx2UVnY1E0XDEIBLbcIP+8zd83KoRDRQTgLyISOaMOKJMwAI+4z3v68h
6bWpNu+gi2JFbPUGizTLXG2zANwvNub1plBV3TbYoxdRgiiSb9tKHHKXpCbUQ1by
6uJXZAF3TtvRlH0026iU5Ai7KBdpvz1QLMuN8c/xjiuFJqRt57nHjsrhBMmfPDz/
+aE9nMUSkQU5khxJU7Ip/rzmNAoLhk71wFum8fEZxSkVkUxifucfTW2Zss0g+4Ew
VwsZBIlqaLmiueolWzABp0OS7YaG43O+b9EDRgjXENJxrHijScgbjqPKC4mvm/BZ
KKB7MM70ATJM2vKGQqAJlJj39VDJmWrZEHh7jlrazdFlkQpaIdKY9XxUU83AoCzU
DXySEwenvY4aKMuCHrQN17KiPdojTAkOtmSXbQixOu1vBJATo80NAE3k/ONAggW4
EY+32GMHw23zaaeRPHmgHbpj6Mi9s2P0teCrjdmUOHOfPjn9/F6PGn335ccTcjKG
If/qq4KGqHYkxoGV3cs88qaxpfEEJbhdvgY4gfOOuIdoYlMzvnJXGZekA1Mai+KG
LxB+YGwJ6NuYyVC2iBnkQjUE5/n1/1h4abIk24Ogl3ND4QH1WGk=
=dqSq
-----END PGP SIGNATURE-----