A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Wh- Why are you here?
Contact: mailto:xanderclue@gmail.com
Expires: Thu, 31 Mar 2022 16:20 +1000
Encryption: https://www.xanarchist.com/publickey.txt
Preferred-Languages: en, es, de, ja
Canonical: https://www.xanarchist.com/.well-known/security.txt

-----BEGIN PGP SIGNATURE-----

iQJJBAEBCAAzFiEE0uNJsFPlQTGR3ndPLs/JL1wUWhEFAmCQS+IVHHhhbmRlcmNs
dWVAZ21haWwuY29tAAoJEC7PyS9cFFoRbQYQALD7NTNdKYpJfPW6gzkWz2ftztsD
krG684lqwncq4JJ0z+Eqegyiwl2OXVqne9HGY8FpwUw9ttIiYWDAW5n5wuYAssXp
C0C+jQMdvXpyR1mnRYddWaMclgqAj+eSucAsz7wxSXjF/QDUFjGWXe3yrArlAsly
MOhnIkT4nWSpF2uTPRlBe+bh0oBaItGfz2CLv00zJHrILp0wj2kpcbUlWXCCXe9Z
+5GS+R6bk+usiyN0mfWGn6X5rWOmXJWz5onCobOwrDPaYuCjD+acItLLW5yOgC2A
Kw9IPC5FPPNyV9HAwUDqiGs0fD4jJMwEAl7FigJCPkx4btI8UYPrgyKE7ZH+y+j5
268KTI01zVQizCYOe1I+LF5yxfEXbjmkANrWhnP19DFKS1kgzgdeDUr2rdw4bCGf
ilQVJyR+P8lVThQlAnpv2pmTFTIPDDcG9zWp+ee63WM+QEQqVH7WcM+2+f26+fPz
uhZ29wiB1jGx5gttNceBCGEU8rn+cEI82jjMNLzR5vPhQkx1f6T3S6mNk/5HcfHQ
nKk0Ip+3ofvb1E20tp6RGkfQVndfuEoPG1Yh1Lo35t9oj6nqMTr/hx7K+ljAaGV3
gb6TsynEd86GE8PoRAXONhrXuqGi7Te6XtZK41LqYtzzk/VVFaB1YKhNensVYLWT
BIymdZgrJ0qD8Tyg
=a3/v
-----END PGP SIGNATURE-----