A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# Canonical URL
Canonical: https://www.krones.com/.well-known/security.txt

# Our security address
Contact: mailto:cyber.security@krones.com

# Our OpenPGP key
Encryption: https://www.krones.com/ext/securitytxt/cyber.security@krones.com.asc

# Preferred languages
Preferred-Languages: en, de
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEE3vItxLD8gaIc7wBB2Y2i+utWRF4FAl3L84MACgkQ2Y2i+utW
RF7fMQf/Z6hKPdBsbo8DoMXWT+K2Ii3dQ7aVAQ7icNvjCKOWbqJxDYkI0DtLudUu
88m5FvCKY93878KcjnIH/JQMmA9BffJfly0iBXKkqDH8LKhRvMMXWrzB5lJEpz+b
LGq5qmx6gUd3hHH+8Oa4/CQ/VbV0Vg7A9YE7D+Wqtw6rr75Dkaw1Yg+iB767nnKi
yF3CsgMn7js4ui2gauVHq+YBvoIoQt7YR3M/hthbD0hu0obrOIBU9U9/PjzMBeo2
L2TfiAR5qHFniwo/DBEhnFkwwd01QrE/JBD1ET/eOcSjFTL8iOZQJV82+CbxVULW
/qLUBGpENrDXFhAb6V25TZ249/Vgsw==
=XkX6
-----END PGP SIGNATURE-----