A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# You can get a minisign signature version along with this document. Just
# append .minisig to the extension for the signature.
#
# My contact page and minisign key is at the listed URL below the email
Contact: mailto:security@jacksonchen666.com
Contact: https://jacksonchen666.com/nonconstructor/
Expires: 2025-10-01T00:00:00Z
Encryption: https://jacksonchen666.com/age
Encryption: openpgp4fpr:786EFFD632E233EF3AB9B9CC9E4FA9055FFD9E30
Encryption: dns:dc355ec75a2dc4a1d29582933b52f9f2ed71061432d72e1991d8b154._openpgpkey.jacksonchen666.com?type=OPENPGPKEY
Encryption: dns:2360697cee7388121d1da733ea387f6bc83423ebc8d052acb1aecb04._openpgpkey.jacksonchen666.com?type=OPENPGPKEY
Encryption: dns:5d2d3ceb7abe552344276d47d36a8175b7aeb250a9bf0bf00e850cd2._openpgpkey.jacksonchen666.com?type=OPENPGPKEY
Encryption: dns:8294547e9fe9367f291a22598513d897928d1a0eeb713ca2b41f3197._openpgpkey.jacksonchen666.com?type=OPENPGPKEY
Encryption: https://jacksonchen666.com/.well-known/openpgpkey/hu/t5s8ztdbon8yzntexy6oz5y48etqsnbb
Encryption: https://meta.sr.ht/~jacksonchen666.pgp
Preferred-Languages: en
Canonical: https://jacksonchen666.com/.well-known/security.txt
Canonical: http://x7ikq7gwf6vnbvrc7b36nkcxnw7eckwaricmjbdvrajoeql2ccjb5aad.onion/.well-known/security.txt
Canonical: http://jacksonchen666.i2p/.well-known/security.txt
Canonical: http://[224:2a:86e7:b0:8727:3e88:c92a:c219]/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQQFdTkmENxv1Ly2EW3yQfmHGx0cZAUCaFs4VQAKCRDyQfmHGx0c
ZFA3AP9KUohkVtjofkYaRmNWcjvcyjsGNQvefHD6cTxHqkl2AgD9EtY6j+79Z23E
SfPXPM6QUoiF8oi4xrW68S/QGJza1A4=
=LBuf
-----END PGP SIGNATURE-----