A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Canonical: https://mountaintree.net/.well-known/security.txt
Expires: Fri, 1 Jan 2032 00:00:01 +0000

# Security address
Contact: mailto:sysop@mountaintree.net
Encryption: https://mountaintree.net/files/documents/PGP/PGP-PubKey-0xEC4D210AB32693BE.asc
Preferred-Languages: en, de

# Disclosure policy
Policy: https://mountaintree.net/security-disclosure-policy.html

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQRMeGKjI6niYoOpBGrsTSEKsyaTvgUCYaT9OwAKCRDsTSEKsyaT
vuAXAQDjFuik7mfc8IsyqIniU8snN5Vvhsz8lydkPaoJKgs8jQEAmyyAIZNELTea
vSWQ4qEmExdOHLv08BX++cznz2ZtRw0=
=GnbC
-----END PGP SIGNATURE-----