A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:psirt@linaro.org
Canonical: https://www.codelinaro.org/.well-known/security.txt
Policy: https://www.linaro.org/vdp
Expires: 2025-12-29T00:00:00.000Z
-----BEGIN PGP SIGNATURE-----

iQHFBAEBCAAvFiEEC+Q52+0PbsTAW4y9K7zgNY/RHSkFAmhg0X8RHHBzaXJ0QGxp
bmFyby5vcmcACgkQK7zgNY/RHSkw8AwAmVdOSwvz7K/YlWeZ0iXjC5Di32pfUMim
r7j0X443fQEYxWXFlqeb7ULKEc623eNNjA8n7JpJBfn01r9Qg0vqamiob+lznvDo
Xh8X+FnwbYJPedbSLgqhz5APlfXXHSmwVKTbXv8RMHJgzYeHrbjzR9Xq/s1MfPAk
x9HjCakFc1pyIisq0cOjFK0LTO73ORlXXxIM1RurDb2stCRwd1f8T7zqVS5wOiPE
2bhMN07ANnAtE2/as1Zew3kRL+bbS+U9qubLBm7wsThha5NDYBUeSs9+XVrmutlj
QemdBy3YtGosMkO6eJ8UrK+KaHvk1+HPPqpWHOm5/aiGqaxhJzRDR73bUM6Zu2Xk
aRnTZvFTsg7jtv8KJ4v3OwivYjkTPmUHM9F3G9dt5yJPXdbr1Q+I3cYSkwI6iDpk
99+ZfrrjCKrh4viIc7jo5JKnw8jqgqYPNVKLtfzBM8sWsUqRgzgVrBwKe4CJwQM6
R+nc3ljloKJxiv9DSbQqZ3Zqmu9Mbc/k
=8erF
-----END PGP SIGNATURE-----