A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Did you find security issue on benvenuti.ro or enzobertini.ro website?
# You may send us report using information below
Canonical: https://benvenuti.ro/.well-known/security.txt
Contact: mailto:levi@benvenuti.ro
Encryption: https://leventebirta.keybase.pub/levi_benvenuti_pubkey.txt
Preferred-Languages: en, ro, hu
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEujtIT5JPLBtcWz+o8CdlVuzlI3AFAmAllisACgkQ8CdlVuzl
I3Bnbg/9GvOjQ28CJzLVeG2A1ddCH/FEyWoyZ6K3Sy3ZmNMTDbijflFTEpYaotTo
QVQ3LFYreBKitWZ2BbOlthqFXvvOY1QU8B7komvcKhaL9ANHB25swkUom5xqeRLZ
m3FsbXguXM7dAqj8wjXAJ9Yf62AtVmCKfEe1NVUUmfbz8v71W8NCkDufuyPy6EY2
+9EjOUKkMUk0umKahqLayZbMAA/AsuYmj9/AperPy2Xfm+QS+GJ1N2e396Wm602i
/u0iTLvO3iCrdehNyoRVpv03x86OoeWjsCiJJdAqtNQXH2VSuhjen0QPLPnQk9cI
iGxxAphSEDE5djDP8lfjKaAxQg+rza2+7HbqVzg0eUqrr6mORNyVh1DDKgQ9x3MI
q5xfUEDrFYDK0eTgSE9FUmFYURd/q/rnnks2qh1S0hpcboVDBGAbuJ1odXydkAtr
2ZOrpkXkfid/jH2/HN8TsHiLajMA68whpxaw68pwXU+Pf1NIQh+REfdPQNhocMp8
qSf27kocYzPBtn0apOcHrS/HCchMmKu8NrlGJ3K5RCREUD39A8Kbdo+lVPHXQhZp
4GqoO5qmY3uBRjAsJoynlsLfrRDfU+7wlj0zccYCqQgvrZ1hXgIbRd5/lla2ttIw
AbprVh80XolJazOHgOQqaE1n6Sm4jK5zVZfR6O+Q5DPiM5UC8Go=
=0Kmk
-----END PGP SIGNATURE-----