A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:security@nubank.com.br
Encryption: https://cdn.nubank.com.br/pgp/key.txt
Preferred-Languages: en
Canonical: https://nubank.com.br/.well-known/security.txt
Hiring: https://nubank.com.br/en/careers/
Vulnerability Disclosure Program: https://hackerone.com/nubank
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE2Bw0rHClA0yBLTUwLubm4YwwYB4FAmFKO8UACgkQLubm4Yww
YB7dbw//Y9tpVdc5445rMz/0noIgVfxgvBbn5rlTsRK9FdquXZ+tLqDcpRt0puFm
UYgwa/2wByoJbNHQfiEzFswciiA66gQg7xaTWrqIOPXXqkXYHqKnSDRvRrHQLsSE
FsE5qFlN+mUhpw3Sr9W8cm/7sMDFsk4xVEHf+qnta+uIzF3PnOaDvSFwKhmE3FII
d7KdmKlu02RHUxJ4iJtbDjw4t/O140+ZdJSXz/RXONtapJfAF9ASPxn5c37TKGZO
+f2Gm1XYdoleHCWV/9AOUZk49dKVqHImfXw4bWCA07otF4yUq9zLzelyK5+PYzxt
6rmFDOHYNA7/ZxqwFUp3JCawspsu6kEJhwDPRsdBKhUb0TQqq4X3iNFDiIM1S1LR
vpH/9b5Y8KnwAbO12A8fjvlkJx2yNin/kRLubV/iXIqzPa9sxZVSs+eZ9UQJOs+b
REh4hzV00RXyaewtrUCU1OcKj2d38AMjOeFnGid5VnhLUR56r4t8QeL9ZbMy1Cn0
HUTd//Kfpv09RSpzBh3sW0eST3e4+XP2ZBiImz6Yd/EtutyGqMbAI7R9DVG/VXWE
OAFqRGzuboijrSD412I3A1pnehsz5O9kn3w9/6iBoKz/wZgFuKkv6soRcH57PIxM
ZXFNxiYGM5ubQEoea22x70nebcyDzWESXOMgg6K/BC3PskL/biE=
=uNNk
-----END PGP SIGNATURE-----