A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:security@fg.cz
Encryption: https://www.fg.cz/.well-known/pgp_encryption_key.txt
Preferred-Languages: cs, en
Expires: 2025-04-24T10:54:45+02:00
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEk1w7GXP88+r8MT9j4+rDkrsm6tQFAmYoyR0ACgkQ4+rDkrsm
6tRGFA/5AeotTIz+F0wvcRMSb1vqiOLAETV8bH2mMOuKTJoQbGBIRE6/2nm+nUyo
ss1HxXmIH0mBIqDq9QtfZm52YBSzr7S5XSX+WH89kWqVaZrw7vzM7xyUIOv2/29R
j/nhxkswJcooZVxYCQr7nuNOSflVcImhgs5CF1FH9lDp+7FDnj9P0qZvOUsy1fPu
6IIp5HP/koifoRXRLAR0qePyqwHm1bgnRZSuH5B8ZbXTCHr3Q/hcAYePcwTTtR8+
0FglzH2MTa5wwW10gtBNvrRWMyDDE5li3QF94PH7LXaHrNKZsQA6f5FhhQyGZa7s
5S/TT4sUcy5DLvkg1OzARl4fgCAwavNDjks4dFuZ91K3K7oRrXXQcOq/ctNckkGz
fP76U+YxqAdSHgzqZPivWaq4gJ8oEh4zk8g9ayTVyQi2yMmbCG2BcA6P+W+60/v2
yGawKXyBWNO0f7DtfK7f9RsM9+CILWviaGEnPbuk23rNPjth3pc1Wgx/n9OSMiwU
hw2pj7JiH5Y54EgvvGfK8zg2yRV1IZvtd6pB+w1mvIdTxx/5gkLGfisLSnrhoO4R
HoRfHeMJwfLWIMDVErbGXFNWvIy4/m2ZhjTQ/0GUK3OFFRP3n85gKAY2aS+ZUd/4
9PSf22JCTf69OH6U7Cn04Hg7cBfXjMOVg7aKFY/mpHjdL6+cqag=
=FRq+
-----END PGP SIGNATURE-----