A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: petr@stastny.eu
Encryption: https://stastny.eu/stastny.asc
Canonical: https://ales-kalina.cz/.well-known/security.txt
Preferred-Languages: cs, en
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJdkgizAAoJEIn+qiAX8IElun8QAMs3Xzm30VANTDvrrHSpYWnm
xJc3Ua1St3cKvEV2Au9JGaOwF6Yx4lOlfTanF027tefHLCpjjgDgiYCVTmNxj6At
9Pb8MRjtEXuFej4kBzkSvCozC0T+8QvUyTD+NIAJSxw9R0PFB9kGN15kijo20caC
/0niFzC2YxJ1LNKRFL1i7lYtup7Vv4dLNeLGPQOjOFw5Up1xPNFntUZVhKnO/+r6
uxbAZ1+oscrFRZIE/PQX8mXoov21K/9fuG4cnX8t/iSTe0EKCuA+wGsLvx+LC5gK
KCznh8tCIezNNx/H/sknp9xp24LH3usbf5VgcD8Ris2qS7qkd23mavjvVVHl3vrC
+Bd7wsuqkBY1yDd7J320B27Aqs3vuGHffonvoOlcdnOkq7qNL/5K01aJeRa4nlY/
Xousz5QSXS+J0kg8UZnIfFCqcVY6acl+EGbwmDj/wKZqqsakrO5lO+kyG5+8b8dR
Zwa/UdV9M4djG9+nHht18CNsji5/SrRyt+iIioVwVq/IXOHVQ+jROkamzME2qehG
Fa/lq/c5BmFl/jAJEBQWKmEg+4SGRaKxA9l9BhWN5lZbd9FF+iSb0PmCCwoGnAvs
lxY5CeldYGNt4QoisHhJyTSUHFoF/ls5i3dD7Qmcfx20FZex1PuBS/qc/45PrS2n
p62EJvUfNwQ1y96vM669
=7lRb
-----END PGP SIGNATURE-----