A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# Curious Addys, Inc. security contacts and policy
# Curious Addys, Inc. is the operator of HeyMint (heymint.xyz)

# Our security contact channels
Contact: mailto:security@curiousaddys.com

# Link to our vulnerability disclosure policy
Policy: https://heymint.xyz/vdp

# Disregard this security.txt if not found under these URIs
Canonical: https://heymint.xyz/.well-known/security.txt

# Languages that our team speaks and understands
Preferred-Languages: en-US

# Consider the policy stale & invalid after this date
Expires: 2022-12-31T05:00:00.000Z