A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:disclosure@localiza.com
Expires: 2026-05-19T15:00:00.000Z
Encryption: https://www.localiza.com.br/pgp-key.txt
Preferred-Languages: en,pt-br
Canonical: https://www.localiza.com.br/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEETlsSSZxW4tPDXQSHK+hmivRSXBAFAmgrKtoACgkQK+hmivRS
XBCqQxAAnKC2XuMc5+08HPW0+DWeqfpzH0diR0HuJjuHFvDOdrTwdYd5Znvxh/Lz
y9Ts/fwm4Q+mrJwZ9oouQGEVNO2dr4yqlnuI0SIv7P5bSAY1EvYxo9CpmngpmpRw
b73Oqwl/s1l7mHLMoS5rZulgaWL7+lYWNLPbyuFulSAwunMzpkK9aeoOAnwnswCU
mkMaak7qzZkCsnNCapPQXt2GOMMOimoA3DwbTMbNEutU5PIIUcFYbYIq8QGddloQ
2OKsGoF9kWbfT3DHBgvt97FIrwKygQJIlG4JLbYxE51JtdyxvkYrOKVmzdLIEJ5U
zxTYt5regZ5ZGX1huovz4g+2RQBtPU+oWJnoqHpaLlFUVJXzYutJGJdKo6OuDoZA
q5botEi9VbvrT/cIslL9oml2HUoGFqR71pKnU+C6wmhV5FE/s6m9INaFcPhkbw/o
ifFW9jS+7rHl6LzCY0LfdAAkGEuUu+th4mbcXXfHKKqpT2rNwcvAKxXnBQrRmD4K
gGOC2uKw3pIhJ0f+ZQKWWP8JOljrnwYfhU1dI8aO5X0POFrvOwOBUnvp6pSzhrcA
CDBWAGzWg5mXiAx7JBvhPCet/02iw76KN7hySB1eWXfl82hlFq+WtPx2OZUA2BtZ
zwoUVAfEqnx0uOVmNOuQQtUKWksBY1Mio63qHJjONQ1iBTf6rkk=
=mIry
-----END PGP SIGNATURE-----