A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Contact information to use for reporting vulnerabilities
Contact: mailto:security@cert.br

# Link to a key to be used for encrypted communication
Encryption: https://cert.br/pgp/CERTbr.asc

# List of preferred languages for security reports
Preferred-Languages: en, pt-br

# Date and time after which this file is considered stale
Expires: 2026-01-15T23:59:00Z

# EOF
-----BEGIN PGP SIGNATURE-----

iQGzBAEBCAAdFiEEuzZdCqwLN3aX49wLfvg8X98O8WAFAmd//wQACgkQfvg8X98O
8WAa2QwAkUpPiIbbTQkwDpr+S36sxHO9JhMGg3fCiA37aqAa1GwPWIZ5mMTXzzcv
CDnCYiYtlp5eJ6rEEccIRhxpJF+ix5QGsxbmTvV0OmyPt4CYFnB2NAZFZEOMlmWz
MCu+YIiCX3sXc2frje3DWtKDOaHfjPqV7ckCiGbdM3hZECsavjpSBkPAv5XfLHZ8
c5pSz7TWH45nnB50X3l6wP2d1G99qDv0h1PI4jf1rTr+D4QcyUgs1N38z0CcX6ne
j24+Qj6lD2BAE0ENRkoz3Vb+y0BfI75OgWyk1ONESpVxruCBuGLOWOWjFTVOh6pQ
ysWuhla03E25S5jAZJIHT51c/wUg91Q9caxVxOFJNoGlXxUOS4VRP3pxADWYAmqN
0uqcgaQZmHu9D4JYU15A8O4XZIH+PUufBD36XQnYPk2/7YC8Nh0gJbsUP+YoT+eE
TLuJAF70inm8f6x3NEGICI7YkxD+hrzVm6Cw0NxwrQixt6O256/0WXcaiQhIBzXo
n2GkXW/G
=ylgN
-----END PGP SIGNATURE-----