A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:psirt-ml@sakura.ad.jp
Expires: 2027-04-01T00:00:00z
Encryption: https://www.sakura.ad.jp/psirt-ml@sakura.ad.jp.txt
Preferred-Languages: ja, en
Hiring: https://www.sakura.ad.jp/recruit/midcareer/
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQTQM09mh22X74NP4RQy9+dq0uPpYQUCZ+8SSAAKCRAy9+dq0uPp
YRw9APwPG57G/XFX/kTIlYpOL9LdPxrEiwWEQUJNi6KIYjU29wD+NR+fQMGi33Ou
jjK4ULqQ/iM2MNxAI9JYFUe1eC+65QI=
=hIYP
-----END PGP SIGNATURE-----