A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:security@fg.cz
Encryption: https://www.fg.cz/.well-known/pgp_encryption_key.txt
Preferred-Languages: cs, en
Expires: 2026-04-22T08:48:11+02:00
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEk1w7GXP88+r8MT9j4+rDkrsm6tQFAmgHO7UACgkQ4+rDkrsm
6tTYAxAAj0As3ShN618XgWcJLUKOby0Oco2fXoDaeZ0aByZZawy/TTXCcVwpVwoT
8akxXN+1c89jx9wiQU/v2wbd0LxFnj9qzxw6YOfpU2qleq74OXI1rnfA8tkkjhMP
+umhkj66zKlFudPbCVnZeYECftuda++XBsFbyHaPC2BRp5hxxEwr06826o3viGYN
AYZkvuR9oxVmDQ1ekYyiIkvF69GqF6hkrKrE89jDqnj5fxmo90A9zA85HZSxFL+c
HfB2JNB/5lfnPkqV4sy+pN0oZ8aBj6XuQo+woLvWfaxnZFTkFACzKdAbep5Ss6c9
XM9HjUlB28UIG6TXwhP3BAfyNBPWBF+/qHMORYpTV3G3cDsBTUbfCCcdGEVW2KTB
B09ayrJU2sDkWE8hVBfanP6GoQjAk5H0MS9a4hJyTDlBAw9ZNv/E0H3ABLpFqrv2
Walf7ED6Zu7nGPR+CTvLyW9twlhHAFQLPUHiPjLqvD2AC/ODd4TuDBVz/3HTuKEL
z9rMd7yopytmNHJR3Z58xxAEbHSajQFU2kvCoqPX6ncRn7pjtgFklpIIZ5J6ASvV
XdwzZSP/OFaKhv8p/uX2lXYfep+wg+07jC/72pUJVXMjmyJNuJZDytzvC5NJiTKk
iSrBUW1hmiPGnCyeDZ2h6tQ8Q+mTobNct/AAWoccvYlOKZjQPss=
=hZ1F
-----END PGP SIGNATURE-----