A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:dirk@deimeke.net
Contact: +41-78-9569114
Preferred-Languages: de, en
Encryption: https://keys.openpgp.org/vks/v1/by-fingerprint/E80CE8A5807373E6476666E2EAD649C8D8E83C80
Expires: 2048-08-30T02:30:00+02:00
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE6AzopYBzc+ZHZmbi6tZJyNjoPIAFAmKBz6QACgkQ6tZJyNjo
PIC+8A//fj7jSrVlB4uY/LHgPX96QlocQieBsj3Qu9qhnp9chPcK1oU6AEnBB8U6
qzr8/GHVCqme/Xyc1S005fGIZDoBelQITBGRWc+Oqn7gbl1tRqf3VgM/DTjDbiHp
9swyIathZCPINF4vv/p6X2aYzAXzgQDVyoTelTJN4fJ8qJKn52xuYZN20ABxsSMC
hqkzU247E6y7+/M7j4IAawZNfTzgSARBlvX4+ZRVDaZtt8dale/r8T9M/w0Ag8UZ
oZ6rKR2EmdD7kdjZTWg9U480vmMQwzALlyokQT1bAQ0UZpuJeu3lFPLnLhKvxXO7
oLPPb4+Jot3Ao7efH5vZ3Jg0/UuDEu89c8Wsl53y81YMPziYp0mPUpbOFar3/lCx
WkJ0hycJQv2q1hzRvkzR1XIQbKj1kCNtB82ssOrBwFUpgMDFAwH/2E5qvsm3wviX
kQcOcsatZdMSaQdMzntn9IZSAQJEl3sdwl+NNbuVm1dCsvh17eSITFE7E4ONDK/e
jZw0uLcP6zpwpH1f9FQpclYGHHUVtQjMFX9VmLuFQSu2D44Ki9Q9BrXeb9BOqjpY
+MX0qCiYbLDw/8zrOGQPQ9zgEstdQU/2DAW0xE53P7/65klsePZbEsx96tY4hVGu
BRG777vHAXuckY2JGZJKwvaRFsiL4asWgsLt+GHzvDmYmYWTUkA=
=ybmq
-----END PGP SIGNATURE-----