A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:nils.uliczka@darookee.net
Expires: 2025-09-01T00:00:00.000Z
Encryption: https://darookee.net/key.gpg
Preferred-Languages: de, en
Canonical: https://darookee.net/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEJtR5KIJT8sQdTgCAeEuf8WiM124FAmbexaQACgkQeEuf8WiM
127/tw//UlUf/BrSKmjmDVupdi0REl15xBl3CVpLprOJEn6HpX9FX6q3t9FXuvko
Z55FbLHZKoJB9OuxbKe2H9f6feSsjkenyavH+ANBgsKG6te2M8gR87gH1kJc8cnl
BuxKn8AFgZ4hS+jdyWmLQuElGhZf/vBAlR1+LvF4xTIoqnlL6DbM50pK0Cz409qQ
8jcIvhNGtXTgjLtv9LhmW0GDvUiYyUXZ7h//zPfeW2LrgbTv9QJBAXzi+J/MjjX+
NOeo3ZU/S2s9uDMWW7xliW4Q9VS3tDwD8X46brSNyIung4NOZyJXNvkBbDmZ5h7j
xQM/yi+mMp+/r1abcCEfSCLjyf5LAWMxID/zRFsEVeODkErvkY5qq7iIuVFBdj8e
ItgZOqbbR/Q5FjhI/FwW88qlaLbzyMtUnF/EBtuSDWjFXbS7f86c8ncWUyoV9jiD
mv+qUFWi76SQhO4oPaNoTmb1d2/DNWas/aIvnwv+eekSD30H3GpVgOU1p/b6cdz+
9aqNYoxyvsKetIlq5Jj1xV1335dPIUmVp0oF1ph0bjDDUOgsHl1UF4LfQXJJPxku
LHZ7O+jzFctaOWbbhEsekbA6yh36QNUqKRnTxlDsaYuKj5ZgOENOtr/y/n1X6DmZ
xEjaom3cLLgloRtOeN6riY53RMCa8M0R4PK/jOaPyOGb8RGznrI=
=yooN
-----END PGP SIGNATURE-----