A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: Please use our normal contact channel: https://decoded.legal/contact/
Expires: Sat, 31 Dec 2022 00:00 +0000
Encryption: https://decoded.legal/contact_decoded_legal.asc
Preferred-Languages: en
Canonical: https://decoded.legal/.well-known/security.txt
Policy:  * If you stumble across something, that's fine - please tell us  * Please don't go looking for things without talking to us first  * We'd appreciate time to fix things before you announce anything you have discovered
-----BEGIN PGP SIGNATURE-----

iQJKBAEBCgA0FiEEYCshM9rj7OZDcRePzu/kV0ygVGoFAmEcwhYWHGNvbnRhY3RA
ZGVjb2RlZC5sZWdhbAAKCRDO7+RXTKBUahHCD/9liTw9IPEx0wMiN/lN9oK2oc+h
eAyuXZK5tvgJe9iTfJEd5SbBRmh+KmAhOLFGd7ASOydmOt8HhgwCmmNqq+G3tVfU
yakWVTJZz4009bhRxcQzsBQnCwyIP/GgrIQLjhIfdRHE++FN1rpju8NDmcAPaMU3
yYhGAjOcirhe/e7HIN6PD+uFZ4SEjB9yy0m+7BJzAmd/D+J5usHMCJA74hAXmqO5
YDKUsgIIFGJ43gHHzxPKj2yKCL1nqcFeYQccmTkYCzxmtRr3T7eaBKo5de46L0/W
oBA2HkEwd9dUuENJzn9LYML9pTObt0nW1Paj7YHrbNpCU5EqiDGb6pKabwkNymwa
EQEzAt2+x40XjLPAQyaefZbc3bNZShahWPyFHGfQqhvqGhSvsXQk+N6fA1OpNpB6
mvkyXjcjUiZ1j8FFHXwxRXl02MjM5N16qqnvV7jb5m49pmeao+Y/GE1VIfY9hAYd
OU0F70OCPFHRywof3zEvJAMpslBipxm6moNaPswEv0Lh+Lq2l0Qu/duFnr39W1pT
9HUe1lPe/fInhdsLDP5bM9k5dEZwb73gPepg+VLl8kljzM5awpKqTv0X5fYWdmgY
qfRqZBO6SPgYT2b8x9409GjLNDXpQ7usBkfrXbmn994wpEYVyD9UX70DX3nGFusa
SdkYSX3eRtBf9X9x7Q==
=aDMn
-----END PGP SIGNATURE-----