A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Contact information to use for reporting vulnerabilities
Contact: mailto:security@cert.br

# Link to a key to be used for encrypted communication
Encryption: https://cert.br/pgp/CERTbr.asc

# List of preferred languages for security reports
Preferred-Languages: en, pt-br

# Date and time after which this file is considered stale
Expires: 2025-01-15T23:59:00Z

# EOF
-----BEGIN PGP SIGNATURE-----

iQGzBAEBCAAdFiEEFijHEXTMMflXlMINoj/YKobgHJ8FAmWhQeoACgkQoj/YKobg
HJ/jZwwAkJ+bHAVIPVLV2nHAC9k1AWm8QZspW6RR/hQdkKhds200coxyJscsbSpp
ZKlORHte4a3QuY7HCjghYTwOwLDiBk7M4Ii0CPsk9xdeDZu23iKrnxOC+AY7unsP
Oyh7+iI99YC6pPjM1zhJpHGCJ/uIaEwiIB5s0xaqJFe6EUwwgvbYX1wrb/R6Ohgn
s2wKlqqWhRsSv4t7k5aNFF+ZD2nKyKR1VGf2junGptReK0jkVv5oZpzst51qaH8Y
gJpkBh8ex7JKJdyxjf3qXQLYkzfeSYTj6cCQpy6QpTrxtQuIpAO+0BQjhc+irQbM
yEQwjdm0L+OtGXux3MxRSEqPRoIUfN3b7Skt+HPwwW7hLLLICWwUQUPdZtaro+2e
AxbsByZjXpPoYRnwyJ4aQueURZDdlDnmyWK+0+zrb/sj9466eCQ7dYXyKUJ584KF
gYfh8Bxe1koz/1UduY45YGki5KurseFt7nFSEgI2392NIWQWbcmD+1TF6ObDuhdw
H1iG5e9I
=yHF0
-----END PGP SIGNATURE-----