A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:bixilon@bixilon.de
Expires: 2098-12-31T23:00:00.000Z
Encryption: https://keys.openpgp.org/vks/v1/by-fingerprint/710A0AC95B864200D047864E78A6A2852EA34990
Preferred-Languages: en, de
Canonical: https://bixilon.de/.well-known/security.txt

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEXQWrkPGp08lVzbd9XK15GTGwmsQFAmY/c08ACgkQXK15GTGw
msT/lg/+PsAYvM4QXUdsA2iKP6m8BSQlCSiCoBIGuYDpSJnWNLOxdlSmQ79Rhqjn
+7aIIuKrDFx3+dPDgMfVHCs1on/6ZwDA7NH9W2+2Ozo9CIKN7XJxTaZ3M4V9pyU/
pzmnIHC9jt4FJHD8pgCO0SgQvrzvBR5gpTMNMJXvrRI9ssUoLGlmggq1FuaT81Qq
Vbk++Bt0mcfKFJhDclyBxEqOkG4EN+0hWtJwtHuxIIHe5QqOdaYMZe6S2C3xa8P5
Z0qIiNrZ7dgMN4ik6yvTPaLB7mjZaUxOw9bGX1LXCplK4tTvBuWd8OExiQOxNmNf
+p/CwQFly+gc6QMF4vQ0+ZnBSQ41q5yUzV46Y21tUCVpMXVqUZw9Ta8A8WpkYS79
x/0L9JLNxIQWO+yUB5y8NI0Ov5+GduqJGGcBhS3B95kkefSEa3p5WLSARLxOZkNP
aaWlppPyedXzR8aNVl9aI9InER8gPC5PhSXD4xsRbpzxWHTVh6sctNkO4rxc6cKO
fJVOpv/gz5zwCDUum2rBKqjALotIATzWq1C3IvHu1qkYiqPzgIjrS9fUrEKc5gMR
foftz3tDZbRAwWMz9w68Pv7gqfCj4iMKKbeu5u32TXhAy7Vh2xw7fqHvga+R/yHV
rINWhCRIXnOuKeC+UBimSqIwwpFs1D8ouKkZqweLVLj+klm7egc=
=ybzC
-----END PGP SIGNATURE-----