A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# Our security address
Contact: mailto:secops@cego.dk

Preferred-Languages: da, en

# Canonical URI
Canonical: https://www.spinking.co.uk/.well-known/security.txt

# PGP public key
Encryption: https://www.spinking.co.uk/gpg/secops-public-key.txt
Expires: 2028-04-22T13:11:34+00:00
-----BEGIN PGP SIGNATURE-----

iQJDBAEBCgAtFiEEOPTKwTQSWURWSkyvh9NQYpgDZBMFAmgI5wYPHHNlY29wc0Bj
ZWdvLmRrAAoJEIfTUGKYA2QTcEgP/2feeoG1/0atF4wku+PyT9Y2BYGFdMItvotN
f7DKGBuN67imlmg/3X8Ff3Ejlp4y4cALoHHJjUTiDqpGzVy2UDRk7rMEzCFOcGrm
nKWBV8lpvQ9XR66kH2rH8TxGMSRMyiw+g859fziu+hIktpBUM458LrkZkbwuN3WG
xoO1dKXTFxGfYSPfTFixc+K6YARCn8i/QJOBTTFREM/AIr5z7aApb6r/dQZkITHg
g0pkiMoVM0zP/y13yKWC3AcWBlxitzXiR33g5wUKrk4o3rlls6isLwt7j3Eqepg4
myY/4rA7OfJ5Do7wOLQ4YFk0vMUsBJlaaqdzvy0p7mL0pGDkIKcBEV2jDZtOwGkL
wDY9HHLZxCPEXZl2lkqdpWDlYtVQ3pkT/+5FCPDIg6SWGwize/ZNqm5sUBy0U/IV
Qf9Huou0+nF8eebQvrKGPOSnP6ezPnlnAYeWN4R/QWcQIDayNKSX5pNQoGDDJvgI
zzc7k+BJ+QmExlKjdp9zOHnAieVbTI0LTK9oOBhDjNJPw1AbT+F8eHKoWfOp/nSb
k68j8bLYIa5pSKB0uG+GY0py/yrNBroFhbcht4fs24Dg3myqxHNQM40ah/Kxg1X+
7/189YK85w7SLunyf2dQ53eg6VCZe+qMlW6OsD6AwUF7U/crpHN4KSuKIKGLtLC1
G9qrsBF7
=Ozl9
-----END PGP SIGNATURE-----