A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# Our security address
Contact: security - at - recommerce - dot - com

# Canonical URI
Canonical: https://recommerce.com/.well-known/security.txt

Expires: 2030-12-31T00:00:00z
Preferred-Languages: en, fr
-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEgitYC4kNEgrawg/Ao2gnMT8WU1AFAmUnq/gACgkQo2gnMT8W
U1AzzAv/eSp0IBXKUmFETiRZcHY0Zj3ILi3SGFqueN1Vlp6rcHEt1/k1li83eXYc
hE2QpA4QF9g57fYoVDudiG9CKmbJWs6PLboW9NdxIrXBpp1feOHCpYDEK3fkFG5H
1NutLEMjRkmEG8O2xRGMribYYjidRpezVmao1HoyBp91AViZ4yLgRXs98xhYNhwe
oUxAyH8mt0rmcpvvPyYRjF6gjXhpwCgwB6brTAIGJgg3vZ8VEEBrolqSkfan4rKz
+sSq9OQhvog/l5q0p1CFshFHZ6I/Q4Xq0CJ1vqCJ7Z8ibvuE9BsCq5H4dix8h41x
kUM19jUdeGtOnsmSwe8Nr3nRBTlAPUKxTcIRvfIrBITv3Kqgup00lpHCWTvnt72B
2eMzukUWuywNYYCWBJstUcawrex7U1tef4TLGVICAbYxZaTW76gyI/i0hW13QSDn
Kx4n6lvO4b1CR0kBlhrI6gfBRm9ZUvKBVTW+HFYN2Mp83wAh4p1IO+UHDpQiRI/c
yLV9e+bW
=WgFZ
-----END PGP SIGNATURE-----