A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:security@railsformers.com
Expires: 2026-12-31T22:59:00.000Z
Encryption: https://gitlab.railsformers.com/security.gpg
Acknowledgments: https://gitlab.railsformers.com/security/hall-of-fame/-/blob/master/README.md

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQT0I546sTttoLBacVgKPCmMQpSULwUCZ5EM/gAKCRAKPCmMQpSU
L4VrAP9OtFfHJXmFYJ/vkmzVgAMBnExmM4aPplmDEaAR5gmsawD5AZrBuDfBv/vp
hS+uU2u1teUJeFDshCloCH1i/iiMDQs=
=Ny3b
-----END PGP SIGNATURE-----