A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:security@fg.cz
Encryption: https://www.fg.cz/pgp.asc
Preferred-Languages: cs, en
Expires: 2022-06-04T15:40:14+02:00
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEk1w7GXP88+r8MT9j4+rDkrsm6tQFAmC6LUIACgkQ4+rDkrsm
6tS4KBAAqtfK/Y0N5mWIWW4t060i0n5ofF7a0Svxn2uemM9oXl3HU1sD8y3LDVoN
xuNmkxb2pXIeGEnPeiTNT+/7pdEmqZ8InmPdL6b6B6bYppl9XrVSe7MsF6rqSfTf
CQHuTO5EnQh/MiAKRuqjg+ZmtHDvX34vAu4FutxDsNCx6xlbkiENYv2A/an/nk3w
gHwWrvl9jjxJO7tcloK+OjmQ7dm11dBmAGd2roOQ6f+kPY7eGKORnbUuxGQEMeDi
QM8Hz0OI+JEj8mpmBzy/8vkd2EFRbY/h7a9wJrfmCMfJoyPV/ueTMe4OEtUoCZua
bQa0/SJca9GBEHXrg3xJ/goJ4oWBStc6lRAzl0Mszuc2yH1oiVNO8XlezCnQCGkN
I4Q9Iwxk/vvY9M6Drn6U9ek2h128GbJL+ZidMrYXmvg40CPhkQQIMWHXJPUrw3AU
qMSaGQ4m6mWQg3m7oVwPuVVohCxkn88+6a/0bgOciglAOXzbG9OwPyIVW5YmORXE
H09l1dpQ7ubMvCRdQMw7GFjbPaZQh3ueW4nuYTlRxZMqbPIrqJeSvZypawpkUqcE
j4/Tw3ty3fwLNmYIzDVxbZDGBB5luqQiIkYjcroCNksvFwiML6oVyB2hiEYe1GXv
Oh7NQx4E3IfmrTyWnvnurb3N1duHQq1Ov0n9G/8ruBj1GDeTfs0=
=ZKaf
-----END PGP SIGNATURE-----