A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# Contact us
Contact: mailto:security@onlyoffice.com

# This file is valid until:
Expires: 2027-04-15T21:00:00.000Z

# Our public PGP key for secure communication:
Encryption: https://www.onlyoffice.com/.well-known/security@onlyoffice.com.asc

# We speak English:
Preferred-Languages: en

# The file you are reading right now is signed with the PGP key above and can be found at:
Canonical: https://www.onlyoffice.com/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEMnyQI+h8xnQ90CEDAjyYAg61HLwFAmgI4bYACgkQAjyYAg61
HLxLgw/+OzeccUqQTiKbrl3+DvWLfBgT0Yyc1wpOFe+gH34KfsanHTCy368nmm6R
RbWpFRwanOYArut9HV+zYC5qoeBWA5Cz0GvUEYHsirOEXir2+NX1wMPn7lMTghLs
gGKV9b06VST8abJNdpEGjTbWX5/PmLD+iu77a4LFyT6JYyruIYz/rx50MkzPOrch
+YbkOJZBYGielzFw4F2Lq/LlwTAyv+UdxcNXUjoRSK/GoOknIu4mI6Y246D+dEKB
9oVPJ5WD+ENA7gSwQ8DSBqHgvNeqeH8sItHiL9SvsbY9a1qtyy4H/QNAcDyvklWi
WeVvMS83qlrfBuCq7Batrljd4VGcYt2i9sBPtgxcHtYHy8T+caq5SVnpp7169Td8
uwjX1UiyFPghm2k0r33c4DXC85pqEI9mk9j1DdMEtmp0+Yq8N/BShqaBki8kRtnw
LwNu81JyAUEBCgvM/xyqfc/bG/gtr0etBPmJCa59Y2PAo4cLG7g584xoRexXYper
upLp/m3BqJDtwnT/JR/mhzyVbSN7srPTmgXzHqQSVQqgFATnMLkzif1R5mLRL3qw
IQd7C0yjjaU11M3mkGWbJZSMK3QXTMJFTYHBq0ZJz+/tSsOg9kJb0O920eMoTykH
U+Zv4MnyhruWjcsIIXT27McHiNXn5/1URRn3FAsM9Dc5R+WSl54=
=ePBQ
-----END PGP SIGNATURE-----