A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:nick@sslhound.com
Encryption: https://www.sslhound.com/hound.asc
Preferred-Languages: en
Canonical: https://www.sslhound.com/.well-known/security.txt
Policy: https://www.sslhound.com/help/responsible-disclosure-policy/
-----BEGIN PGP SIGNATURE-----

iQHGBAEBCgAwFiEEho+J0CMsC8CprsGrGR9d9j9ey/MFAl5AO3ASHG5pY2tAc3Ns
aG91bmQuY29tAAoJEBkfXfY/XsvzzhsL/131juJDMxbq4l9CyxzaUTe60e/31G2q
OFbLFxo1Wqz8WSWXe1h+U0REqT4PXMBFZNepSFOPZ4sv8TwygoNxe1NzhF5mrusE
Fey5NWlA76s6Dx6MstjnMI94IdRX+FzrA0MGtyMUQAK7GGE+l3/w6cj44xQxVZWU
T5WYEhZ8NjPm1e2ywsnLt8Yu+0Aj9u6XfF8qt9KNA8m4qELfP3h0mxCtR5D2gBV4
0tz0eawlE/qjIvOI9KILyPuqUIb9j02SJxXDf4whSYROMOxZ3Y0/x9oaXJVGuHZf
9nnM9LjlBErLn3+tDia+xjVNbSyY1ysbigXxuUCW5Re4SVZFxMnIFubF1dCwIz0n
WOmwrjfAcHkRxbrr/jP32eD3cOV9DS9+/3vSbxBBcNyHWAABm5hl4I0Rruq3Ef4d
WKk2XWrn0uFLD2Qn0Sf6M+3GbnOlUaxwto0A5S1PbJCbbQU2n1fWLJLpxwN1GIKC
uWh/mzjUIyr32WAbLjy1oOmXhY30e7E0kw==
=WWzk
-----END PGP SIGNATURE-----