A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: https://nathanharmon.net/contact
Expires: 2026-06-19T12:00:00.000Z
Encryption: https://nathanharmon.net/contact/key.asc
Encryption: http://3bpk73mco77grol73n2ovi5sakjnqj7rdrbxi42awa5bmh4noyzpc7qd.onion/contact/key.asc
Encryption: openpgp4fpr:326522F016E5623FA30D4595A31B32D692B03B89
Preferred-Languages: en
Canonical: https://nathanharmon.net/.well-known/security.txt
Canonical: https://cloud.nathanharmon.net/.well-known/security.txt
Canonical: http://3bpk73mco77grol73n2ovi5sakjnqj7rdrbxi42awa5bmh4noyzpc7qd.onion/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQJPBAEBCgA5FiEEMmUi8BblYj+jDUWVoxsy1pKwO4kFAmHXagIbHHdlYm1hc3Rl
ckBuYXRoYW5oYXJtb24ubmV0AAoJEKMbMtaSsDuJE7cP/1lSvQgtM0+2E/nXjR6n
df5SAjGaP54D+YBChZQpIGJKHUGnZ0F76CfX98DQYynduXOsj55TYhDngN702XkB
9gVyBVKBQfieZ3kaeyx3Y/5Fx6b8NeBp0NT60ClPLijPH3wLZDSIldSm6N/miRg/
DlbbZT6Co96dxF0HdfaosftaqcYvG9lIa1Hppl3xEEtJj0yLfpBkQQb1Jtv0Uqo+
jf+Xg4iDPwjvOLMQDmaypyHUizhvnNpC0MIhx5uo7mIujftQx+9B5xU7xCpgW0rh
MIyqGg3kWX9ehogqtWBOdq732JwBrFdfeuZCZH1hZehfX3b+f9O+5udSBr6AtDcG
f8ZUq0SmMUQZiC2L94IG5x2ItX7j2f0Kt00oT5AlN/QAl7odmz/sXmHzhwxUkqsZ
TbOS5UJ8Hcw9cSgLaRam4KONWgk6uStJT/CZTpd+tb+3xaTixrn6eCQ1bczV7E6R
mPTBncvKukGmIhVSJ/BAP38ovcGifkZ8ClzfjBZXNiv7dOx//geeV1N+MpaDDb5R
GvbnsOu7a5O3OnJw9Ib9wL+XjhJueotSCprdwvb/Yj0fIKJryEeowNoDyp7SKuXE
GXL+E3hj2Yy7IjWbyoZDKtQ7kA3lcmf8HZGJC/ztXu+kmH9wvHnmWxf2ZaSeV3Ba
LrLe0c1NGBmfiTXNGmrETWZY
=k88n
-----END PGP SIGNATURE-----