A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Policy: https://www.todesktop.com/security-policy
Canonical: https://www.todesktop.com/.well-known/security.txt
Encryption: https://www.todesktop.com/disclosure.asc.pub
Contact: mailto:disclosure@todesktop.com
Expires: 2029-02-21T10:56:45z
Preferred-Languages: en
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEQZYDWHLjXkDXm+oUpPsP5QQAXV4FAme8T5cACgkQpPsP5QQA
XV5h1g//RwHvhSShM+cpasJ3ewtU0JOhjOxLRIpbfTS5yZaEVyAnUpW7qaVsRqkI
0WHLEIwvzk59iXzFYQ4Fmh2cMrkymlQqnWcO5iMbdYA+N1fwatx1MmSJknxo9ZP7
H3FRR9tCslxhS4oBQcpgn5fSzsDmruArNGWTVAgcUHnlNThIzbnQ0FzrqAAU8G2j
K7HXCuiTwIddJuDaXjZGU8NjzY50pjfRMwVvOVwS71vtowTAqjztPp5HOrxe7Ttj
/iXxNXc5n4C9eh3RH55lFPcDiMuVw50sMbL8YXM0dWwSNyVuRNBSUzDhjIFJ2ePV
/SKvAnTvqsY/VEDilUNx+La8rpFT00jU8H6MZ3cZ6wC43z5PUYYPljwda60ey5qw
unJgd0dO0xgM0p32VcVfSchjOaQeFC3XkAbqzdmNScW8XX7Cea/cePncjmpgE70/
ftbmn8EgcNgccJTiz/CqbG8A+i4ywrqiKdDLbuD6mfzIjfHc+HIHVdmy7KIIUPnU
wcolzEqQO5kKjQIx1DiaEG+HwogQWqxBFWVhpCPQo8hvs4linK1aGwc2s9c+I5F1
v/Ek/bNGTzxcYfE04JS8dgP6pkQfiJpPP0X2FFjHttJ5eDLpUNKuNHMa4r0/lqrh
U6ntwGPa+tUyYCfT9XPoTuboEaUZSi55SnI4uQ3RC6a1rjOYl4k=
=UNVJ
-----END PGP SIGNATURE-----