A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Canonical: https://kagl.me/.well-known/security.txt
Contact: mailto:me@kagl.me
Contact: tel:+13069302190
Encryption: https://kagl.me/main_key.txt
Expires: 2023-12-31T00:00:00z
Preferred-Languages: en
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEyQ9gS8hwWb6jvB6jGmfbQNg5Py8FAmPHEZMACgkQGmfbQNg5
Py9OCA//eEWmiKYFXTE5pOdNcSxQ7sDETQ1mQi7PlocFQqT8ihQ5nicx6JQi+XaV
oGVYqxdtcCwEwWLhpXEEhb9NNYxlnS1AdSrBdi2o25vIYJkLvEG3TitwRwY3ea3c
NP32P60KwA9/ZxdyFme8mVvCOluCy8o6sn/3KFNhm+yRC+MR9hNKfQZOxvYFvDHh
o1rwK9aYCqQ/BYXiGA7r3zeCeTUB3eqAhFsZlcnynkcpXPqG1bfSFuOValK5A0v1
CzyxACUc9ozNruqgyIja2ptKuOgLuRPinsBWJYjR1OzYm2m9CZklcm/FYUVMz3Y7
4AZ12FUo0InP6oFYIdn9VqTrbJXd/9r4JRvQGl+LGENudy80imptrvr7RUsWwb/e
c3mHWw5ow6CtvGBuH/W8VEADTwQdjN3DVbjWvPwhE3OqU4cAXJcKWFOzPQJlP4Ke
iLiWKdnFSwMD8n7VNVBXWqMJjLCz50h8Yj/CmPTc1RGhqQP5YD4q7RTox0BIoiHz
q92E8ACdSTrTDmI01/KHTfdwgX02EpIuKtwQCqBdKY5Awzw8U51sDyXQYQ+26Mtd
wKV7WIMyYfrf2E1p5OR66g/f9z9KF/qacFKk7IrBVEgStUJy0lSo2Jr/5qWOxSgy
pbwQ9G96dMeO+zhobiZMLAU0YF2K5Cd5ckDEXWzk6H/fyQR4TJY=
=wfeV
-----END PGP SIGNATURE-----