A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Welcome to Kiteworks' security.txt file

# Contact us
Contact: https://security.kiteworks.com

# This file will become stale at:
Expires: 2025-12-31T22:59:00.000Z

# This is our public PGP key for security communication:
Encryption: https://www.kiteworks.com/.well-known/vulnerability@kiteworks.com.asc

# We speak English:
Preferred-Languages: en

# The file you are reading right now is signed with the PGP key above and can be found at:
Canonical: https://www.kiteworks.com/.well-known/security.txt

# This is our policy on responsible disclosure
Policy: https://security.kiteworks.com

# We are hiring:
Hiring: https://www.kiteworks.com/company/careers/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEe3N1lthuPeBsF/7PLOcHKQSfncsFAmeaGf8ACgkQLOcHKQSf
ncsSJhAAhms0ER0Fm2JqP/5rCA35d6O9Vn4JsgPIbYaQFbF84Fu4jl8BBIQN5IBw
K3igw2XD78byblcBsBILN36Kteh/NDh/N8eMRqcWfyKljdvpuWL7TbIOI7HqQVZd
/1qmpnx7BXwFEBQtzy+zq2/plC5OSvALBEghmf20vbkntMY0V1YxOIdOT1DCnWek
tRDfJX6bPlfsncQDmaEbHpDkXFJOXJlD8hGOuPFrL4Uhfs2Nx4yHrV7ZuIZatGaj
MO+CyvW9SI1k7gEn53j9XwzPNnd7O7O7/F6++q7qD2AwxMAZG7g3cVZnC0hT0Ley
/yXIWCFHNYC0nPQ9+yTFe2ZTXbP/chFsBxW0EtYBbGRkUwenaJzTRmMtivj+C+ep
RAbWVlHise+X15caqGvOg5y/8omW2LglGqh1Q0GQmWaufQL+xZWWSW2ZMLhdEYnR
9iGwoD6CsIUfQQYzL4VNVACfT6s/CKmwjo9OXjEPbVTK9+/YRvi9A0lPJrPiRTEF
2E5/beYT3rnjHA/+pc6UqvAtE9p+onZm+iWGQ1aztZQF3BIDKRkOMyN5mY/UA7iO
MRJVA66GbMiiPw7vcqyenT3GzKjZiRxb0Soqh26zMmJ+FXQfe3Bu5X5P/POeNAvf
iF3FhnSk/sNjvUGqTgtQ0S5HugOoCcCdeW8T5BljXBWl9p+jyeY=
=8i1C
-----END PGP SIGNATURE-----