A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# This is the security.txt for iLost.
# For more information, see https://securitytxt.org/

# The following is for verification of this security.txt file
Canonical: https://ilost.co/.well-known/security.txt

# This security.txt file should not be considered valid after the following date
Expires: 2026-03-09T23:00:00.000Z

# If you would like to report a security issue please contact us:
Contact: mailto:security@ilost.co

# Our preferred languages for security reports
Preferred-Languages: en

# Encryption - use this key to encrypt sensitive information sent to us
Encryption: https://ilost.co/pgp-key.txt

-----BEGIN PGP SIGNATURE-----

iQHCBAABCgAsFiEEHICI2SsAtTXwHhtdBp8BNqv3WBEFAmT3SWQOHGluZm9AaWxv
c3QuY28ACgkQBp8BNqv3WBEYRAv+KyYWJ25x57odsiGM/mPlaPovU+2q/JHE8akJ
+Y7KQg6grxU4I02PTQ2VolT5u6tLS9TAmugER+sKb8rOt6aLnHxWwPNvhoqTkl0N
hIchlR6XPBVp4LBBdGxtZvIFfImmUZZo706pQeS3Jfg8T24b2XREycy9hhjmCU/E
xw2nt0HO2c50yueTnknaE2gQOlY3by9yhUjxht3mV116TacdEydSdstaf6c3ZtKu
yRlFRPAS6vC6aLiv/tv0bYfuGtjobfA+zPMapLSeQsYPnpsB/CsVMFTedGS2ltpf
3Dfac/rh+DtGMBldtmd5kCqZjmrCyowFg9/ma6DMEF+SRt/z5bF9RYeNvtIsrrLm
zJ6UH8tn5yMN1JteHHR7jQlKGfzLLomGG5IK65rLaoK3AUHnAkgL9IYULO1UjvHt
0TwyhQyUs8qATVrYrk/OVj03NhWI1pExo/Ti6qmzUopNtCf7lfZ9pTnT/oVe7ZEV
9VhBBI1YGB1utaeiEvMEh4YyuX91
=dGX7
-----END PGP SIGNATURE-----