A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# What's this file?
# https://www.kernel-error.de/kernel-error-blog/453-draft-zu-security-policies

# Email
Contact: mailto:kernel-error@kernel-error.com

# Matrix Direct Message to @kernel-error:kernel-error.com
Contact: https://riot.im/app/#/user/@kernel-error:kernel-error.com?action=chat

Encryption: https://www.kernel-error.de/download/0x1208602584EB1DE2.gpg.asc
Canonical: https://www.kernel-error.de/.well-known/security.txt
Preferred-Languages: de,en
Expires: Thu, 31 Dec 2022 12:00:00 +0100
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEkleU2ZHTmHwUBRCoEghgJYTrHeIFAl/+8hUACgkQEghgJYTr
HeI20Q/+JLfrE1LTz22VnfL5m3SFQiD1CfyKDKw/PYK7n+vTPcUtn1AZoOB3IIfZ
zw+EarFSRsewO/qV95fFMkt/7CmjMR3oYqAV4mD3Mk3YxeV5FLGVgylOE0RxH+nw
qyx60w+Y3ZzpQboY+GdFWpd6z0u5yH4O+2x20fpofq2VUTkKYypCZy7+MJPC9VzQ
ViwnoKnDGXlXXIGK5Ae92LNoanZvv0MgOVhuoSu4BnC9orFu9E+L5gGoPcVg31Zg
vCaLjfzqcvihGCUSZQ7ycMLk4fyVtra74RQg7R1sHJamVDONSk9/2yHesqfaLAv8
ljAXIy1ptgQ0J9G8dkYGBye7tDFQfLD8QWrAPxybmuP4DTBDaSvsyxWWMKyuR6f3
FxJ0Sv4AOhiJxli2QpsHT57mT91BcuhmSRnr2Wv6NcQiADeHHHhd6lIcl4ZpWnK2
sLfCH+Cccoye/KduG59zujYwRmfrXcvowkPXuf0f21wREFz7tQr/7lnlhjGdPFub
24kNA1btjqOMGj6HGabYcix8aXD8VkIDf+w8x5D+Ers1Z0cYhNKthrLI9+cZLoEz
QCswrLumiwzJ712jzediLSlpGbcJiF754qV44KUHT3QF6CESTGlabDvoXpy0K5+m
bGHBmFLBi1uLVg+r7/7qyt+Hu7Xg8TOTOJ++KRQcsQihII9pSkw=
=f7iq
-----END PGP SIGNATURE-----