A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Yes, I know that our web host doesn't support HTTPS.
# I have no say in that matter.
Canonical: http://etcbuild.com/.well-known/security.txt
Expires: Thu, 10 Mar 2022 16:13:58 EDT

# This server is managed by Vectro Networks.
Contact: mailto:ccogle@vectro.it
Contact: MSTeams:/l/chat/0/0?users=ccogle@vectro.it&topicName=ETC%20security%20reporting
Contact: tel:+1-203-648-4439
Contact: https://vectro.it/contact-us/
Encryption: openpgp4fpr:28D750EE5C6EBA486A490601F0F59242F96836A0
Preferred-Languages: en
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEERASZ7KOR4ZiNgtKI5kd5lzggeCMFAmBPwAkACgkQ5kd5lzgg
eCOWlQ/+M7aCy9L7ZPUyyqmnZ3BpVUbV9uPYLLE1rjAK4ltt8eWT+Mq9xQQxGIli
KFmgXOK6i0/j1XpDBFAJfxxzLjXTXa+m3jsjITrxmiQhxy1Eb7u0cJq7p09h98mG
WAIwr/ub2FTbvVo6wOBPx76tIOk/FMC42MuVKRV1xQDp3Q5aN0a+f6QbpKoLz7G9
WAeg9qikM9NHhTJFz6ol9/lxBcgUA7i/Hcnk014lwSaLUuPUJYG4+ZVAY6r0lpt9
WbZaYxfO3y4yDAYRL2zRSuZEiBICF2QH3RDSXOqUc3oDLdPC76yGWxCSXwUOj9Lu
o8MEYzhVZhrrMNT1krcLk8cnI+0Z81s0zxp+GcjdUMZySK9yj2eeFknnHH/4hZks
NALgiqTr7PJVDGvup7Iqq5NSCr3yazgbbWZZvqEJrE/DWBSjA9VIiSD5xY7/042T
E8k+iz3g6nxPSM1j6aowziOlttjaGBN0OlEhGcaU1X76/HhNgEtCS2CRnthyz5Mu
dPs8tH1BwdYe/wbZdXX3ObF8RGL3ulsdHdj/nMa7Kq3hweLfARrfPxUetoXIlco/
lxpdeeDDe+t30DoOVy3FcweXbrR3DxQBKbh6UsPUoHWWzTbrCzGfm5fEmyeSAQqo
qcgsxc235Tx6xjOqQovsXdcAO0/2tnJMVidhzyWxDHbuFzGxd98=
=8uqA
-----END PGP SIGNATURE-----