A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:thomas.deutschmann@i12.de
Contact: https://www.i12.de/impressum/
Encryption: https://keys.openpgp.org/vks/v1/by-fingerprint/15B4233CBB477D1F1F5DB7AF050ABE13B1B299C9
Preferred-Languages: de, en
Canonical: https://www.i12.de/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEFbQjPLtHfR8fXbevBQq+E7GymckFAl3e/x5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDE1
QjQyMzNDQkI0NzdEMUYxRjVEQjdBRjA1MEFCRTEzQjFCMjk5QzkACgkQBQq+E7Gy
mcl8jQ/+O+y+Bm6/pb+2CXjuHYWAkVMtjTJvOcZwx/1HQOLuKcO4+aTfKnuRSvt4
yLEkUu2yR0Ck/bpXNLQWJhA88EggKRHpeG4Bh3HrlPe2LjRjIvDO6Gq527+2xYzf
/vpK146jdleM0I4hdw5/intyRiggngiOUAPwOrcMxpbSKK3e7nRq0CUKjtjX8SM6
q8mh4ezUQtI/08MiuVwd2LoUJCd58bpF09ov6lV8PDlddKUNreLOohR3GoNaQymL
dHImMIghh0AwuZOpEwwKbwM/Mzc8cj3jmJ+3O1XBlwbfvKYTS3GYBOgeYxSp63zO
buGT5fgdyQsYQslMxMdQJXkT/uepvMNFixiOmfdzg7kJKkqxHsrvfNJDwIqq0SSh
x6Jel3eZTh3LKx47vD11RAu/HhBXbFGIVhDw4tXxjuWbbZCqo4alWtxgzdK6n+Oe
ru4CC4/jSif3TTY3i8aXzYtmymwPb1bhs+qSI64SrjlZ8iFlm8HlggHz8B8iH9cM
Z6b4JOLlkPCJH8IZOBI+X2eCDnPsgJYUwisgwE6bzeaAxczgFSDX5oI5GHniENSg
ulyYjTGEFx73AFGmfjt8F4GRDJ7CSYEM0BFzVkl0HNmpQ4LpsX4o6IKlldcljarH
nOIDkb1kMPtoXMrqSua9Ttg5V4Ytcl9yOgvUesAjFxKj7PLShWE=
=wFFI
-----END PGP SIGNATURE-----