A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: me@adamj.eu
Contact: https://twitter.com/adamchainz
Encryption: https://keybase.io/adamchainz
Acknowledgments: https://docs.djangoproject.com/en/dev/internals/security/
Preferred-Languages: en
Canonical: https://adamj.eu/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEkTFpJKRsVwsHfYzR7HElyTSIO+UFAl5G2NMACgkQ7HElyTSI
O+XZig//XYkCtK8WZMCiYhlfcdKpLZFeDrz5XR7zmJs7x7vsBx5smfIFEGOFXzLw
wuNHIjXBpc6NkPywLPhtda/sLWosiS3jNf8HwfGNVOaP7pgVy56qoL5N0Y1w2S+4
E+34GIsA987cXXi+RIq/Qs1bU3oT21W1lD3ZRc+ZY4EG33b8bZoEMCWLDJ9a3HwW
HN36PIK/b3JVYwQ9+3mhraO5sbtKVH1nTKyXYoPUi4RcA31E68o9iClA8n/N+JpG
C1Ad7XlwEht/soh71/MoDb23KOTWqVYZiJZQAUkOhA5R1/6V3EHxYXtwTFUKdQBr
R5qg8SYKfvjjhfQ7H1eDB/sIiRSvRn9QebFTbIdNVqVBKeOuob5T0Gh6AmrBT2ut
6WsjyWRtCWSEMhu/R835X/G6xwO3vJs3kgp3XjGEU9/AixN8EydnorQ/oplA7ODv
wUm2XggOo0AiKqVaZOrbLm4xlPCg7hKlJ8WG2GLXLWCZiW57Za6zFCIwjCXcYOM2
EaaIOVzktn4nBB+bwsRCotevX8YskwcFtY3vH7O4Dtp+eiFEklv35WjWp6LXkejn
vtifucCzje3eAR3PqN0DkZSteD0CB+9MrNbiPA4xY9KelBf5AuMDRynjJ6zcWxev
ObrxMwfxS4fia7zXtcy15DLFasFdGl62QBnTtXfPZ7gC6qZAPvg=
=djyv
-----END PGP SIGNATURE-----