A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:security@bobek.cz
Encryption: https://www.bobek.cz/keybase.txt
Canonical: https://www.bobek.cz/.well-known/security.txt
Preferred-Languages: cs, en
Expires: 2022-01-30T23:59:59+00:00
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEze0Vgqi+ArSD1bC59T6Trz3tQusFAmCsmScACgkQ9T6Trz3t
QuvYYg/+N2LZC8NnlwNzPrEz82cbgjFQOZCaHXCKmYUFP0//TthsswM+sizkWm7J
SYlDblurmYXTY1oSvexe86j2sImzvRpDth0l4JN6ECVH2lOwDfakrKCGPo45ONrT
+0YgWNIZMOz0oPt4OV9FwEAAXDkyhv47jZX1qjdpcYNhRIRnhVb9RrzNAuQ2vJc1
5HVxmWQ4O0P37YQr4adCK+0lTe5qZC/cKDplbhhPNgpQT/awmJr5OpCm/iexkeZL
z5FbRyMudEuIEGIn4EoIhxGIH0jKTDNUSjn2VNaXIHtH67gE81GVTIryrShcUuO8
+9TOB7GAivfeLEuhCXWszHvLlr3NsBeUxztnTBSSkODWaC9EXOf9V4iTpLoXu3gr
WWvn5vIX7WcLHjRCD0ixxmfW0VVM+tL3BJPKt7sC5HxMbNg4w3yjvE61I8+2EueY
tRCid5S3LNIA1FcepPrYzWZyvGl0WRYGWklz0bXX8sPwYCi1V4GtYzlU/DsxTDrq
Wy2ZedlfGnbfERk0GtZTVc4UTuXuKTn3sjx/uMLacf+Lzj44mdlq7TLeitWnBoDc
TomGrgtIVNUMTvpDI2DbNMEfTS0Y4OqCsqZkIfvKopnyeo37ZcXTPbEHLsGI9Qcu
fpuNqvBv/Dl1DNClTFJ8RUTD6PmY8kpB7AHncCAi5eAvJ77etV4=
=/sDy
-----END PGP SIGNATURE-----