A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:security@gonce.io
Expires: 2023-02-01T17:59:00.000Z
Encryption: https://keybase.io/rickardo/key.asc
Preferred-Languages: en
Canonical: https://gonce.io/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEe59bUm14S2lsDPiVaZaGFzQE8EYFAmHzaOMACgkQaZaGFzQE
8EbonQ//SlSuoPff0+rJn3OEm4qfQO7BvKp8E8gg7d591+k7Tsj+WFCLoaEbclRc
aW/wxqR9AgDz5HPIHzawx+aTqlX8s1h9ewDi48KywnLyhdJmfiIWrfZZf7G04b1u
vKrVa5krWFOg8wszL9B8PXoTyWHJOTHFGtBTwkSA0hY7Rva+3WSYZguKdF2E6Mak
dRtOvSGMeFI0YIJbvM8nX15GvQoDzo8cIn4znm1lD/KxsKWjsCDiqdbfUc0PGB7u
MYITFlO7dcFQXCkQ/zxZPoxzescEY4Ydffph636R25A0FvUoNdGWngK40ZE2mFzP
U5RF2JHzUFBLRiUhJYJ83Daobi50UYXZpQrG5Q8UmrKstIZzZR9KeXC9vvJDWea1
TyH4cawzppplCyjVENzScMjvmckfWGGVO3PYSz/YAvAVoPKOY8NziK1X0cvjxwnh
jfRpVUxpXRC4H+kFbGaQxkF5u6NTxftKOnUdXWPZdv9lLfg1htzFp1eyxD7pkLiu
fRS6sMm+JtfMtIpaoqWqGAsH2hfJvpiWzo36Chh5VKCmvksitezUmRPMnxh3YV7m
z/Yqk5IATTZo9leLo9/lLPA84ooZmD2ortfZzxmTdtdiIBmbOYyDHrdgW4PoyQ0G
mH48CuZVhICkv/f2spOcRD+F9gq5vES1lI5JOjClO5Ir/R7ktsc=
=Wep/
-----END PGP SIGNATURE-----