A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:roger@paranoidpenguin.net
Encryption: https://blog.paranoidpenguin.net/pgp/
Canonical: https://paranoidpenguin.net/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEIpYMi0QWFt1UV613RuHSZIXWFosFAl7NZb8ACgkQRuHSZIXW
FosBNQ//drFOgCOsolFV4Ncyt73tAkRP92sLGG2232YNN4VWOTk8B1R28KysxrvB
cuWlDa1xAyO6waME12GCBX8SFRjCWAtLxSSkdY36zIfdp1AYyKWyhsN/686PZDU1
yI071OhK8NiFSHfAPq/As/xJJAY3WGcKUnwIwy7n3cuwx1DbuxVNKDfGbrcFfXIg
YctM0g/1sy9n5LcHK5ehBKPfhO4rT0pXiu4fBvCovjRtYC+4F42deUf4z+tb9PKC
BT2BaGru4nLA++pP4mjsapOxM30Fl+0Ku4iDDq+NfW0dAuwuPVJ1+xPPOT0ycmKs
4qIPd01s2O0jB14JSaFltAFkzMRtMXLfoN43uaDZ+/AchlPQdzsvMxcWzvdsIAio
kdipxLu5mydA4KXfUmCRW0bQUonwWayx5Zk5cOItIM3D85Z2c2CmNsquUBHtoKY6
8VUwnE/NW7efyRSNAXHgeoGQUl6GhwtOWWRIXu4xLePm3znSWj/gI84DGKHFqnYE
BixzNjzhgGFN0OsR8RZXQWo8hE2xR4O82nCJZvyuXldlAZZrBiqvtQ5vaPlkIVJe
Waccv56qVhgIhEwLkLwYOswAld41ZJOlmzmc+4IGL+0r42gS2fXv5fZA+4AwnckB
n78GEnGI44nfiGK8p3IHv2brHf0Dyk1mjYxfInRhPJIMr2BsxHU=
=eP1Z
-----END PGP SIGNATURE-----