A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: https://unit410.com/disclosure.html
Contact: mailto:security@unit410.com
Expires: 2140-10-08T00:00:00.000Z
Encryption: https://keybase.io/unit410/pgp_keys.asc
Preferred-Languages: en
Canonical: https://unit410.com/.well-known/security.txt
Hiring: https://unit410.com/jobs
-----BEGIN PGP SIGNATURE-----

iQJJBAEBCAAzFiEEIg5mOdBF1NlpPPu+eMHRGmXAsigFAmJnAhIVHHNlY3VyaXR5
QHVuaXQ0MTAuY29tAAoJEHjB0RplwLIodSMP/j+WBcnwD7IrLPxAkx7X6/4XHrbd
pd+KzuyodSfzkVGrHOxWHCSWlNTEIwNG5yRSJKpcp6cMu+WbRZBTRzG15Wzy90B2
0yw14ieYXqsDFBvvCMxm3cOmAtYhtHUIYc7m+4SqWv34O4vu79iZTPinel2o50ig
2geiDP8b4rQ3Mc9RSUpEETwySRGpnIubhHay7D60Q+hrjJ5UEKC+Y/7yHFj3aYvC
Z4h/n/m8cz6bdtLpV45OFijybEHoZHdUjpfZqc0gS6NEW1X1cde0gJXdY0HIYlwJ
591iW3JdFovReoeEtVZmvinrrtHlWIXbOUVijarpw6wGZycug+DY3hJguc3lA4Wn
K6moIX0FdyHmuAsMjx+HFMtJC81zg2RatTjTTJrB6osqSJ36JipOMbfAq+3L/VTV
ACBA0YUjdjVLDffr0nidjZ9Fix1o9gIL+b2Ek+6CEas9xiPwrSY83a3m2osBb4dT
wErWj2vpkeI4NAcjs3KWhyoEMEQ8rJ0UxrL+KFfifA1zpMFvgrngjthjYl7toj2Q
JVsvRucrsPeOZwkpsBxguxdeVSPU93AALjNNwfNKy8IAI4KV2gIzlIGtMMFmPxd+
427LNvRsGUKmQx2DsrK1Itm6XqWADTpa4Iss7Qp28zye9UgScXt4N3zgHj7ihf03
LYUkQlXttavEL7Md
=XrOI
-----END PGP SIGNATURE-----