A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:security@berlinonline.net
Expires: 2024-02-11T23:00:00.000Z
Encryption: https://www.berlin.de/.well-known/berlinonline-security.pub.asc
Preferred-Languages: de,en
Canonical: https://www.berlin.de/.well-known/security.txt
Policy: https://www.berlin.de/wir-ueber-uns/security
Acknowledgements: https://www.berlin.de/wir-ueber-uns/acknowledgments
-----BEGIN PGP SIGNATURE-----

iQJOBAEBCgA4FiEEc1xhoK1gNuP1Ua6e1t286OTzxkwFAmPqOnwaHHNlY3VyaXR5
QGJlcmxpbm9ubGluZS5uZXQACgkQ1t286OTzxkyFjg//eAQrtZ6RARsPN/XjUKDM
j1ZQLY5hdwU63jrcEAQVLtNezr7a41u5bD7/gS526Ux8ttFI+7az8lR7qLaq5Pf/
1tFXvEiFMtju7UrlRREWipy0uJj8Jgz74mlqIoBhd/+t+w6jJNMZUaJhsKcUjBlZ
MCTvpK8ONxU63Lk7ovDznVwpHHxEJK+3HrsNckAVPDL7qQphcbzu4kf4GJlWxsjK
cr0OOi76ek3ZR/yHv3+saWpopjDtj6RNouDsfU9NSZzml9fPH0aT45EgDP3b1Jui
jufckMdeC7J+OfstF6kxtYlKqRz6WnWKgxJgObEyISXTFFdcUKGKMNB7YoY+L5Xu
9y8VNdYPo+YCY+DRZVcpn447IuuH5eaPZ7pSLvqWOzmXPJJ/IiPfiisiIp+XDPuJ
saKMCEeoeKTNk2+Ss/a1AC3bH8jtYBOKWDl0HYremWQCDPJJOS7cpedE1c2Xckhe
PsZaDYKHQK07eSyvNylsGRBMvuebBoTrVoKC0KuWoevHxwq3ajyB2PPpYClL14q0
nLtlDyBQAt3gu7THk2PRrRI9XHr9wFYJZNVDFTbw57sq3AEbjR/6Np3KcigsrKN3
gs7R8aZe+trK8DcX+A0bQnrtBcLXOqdttT7IOV0k09TCsf3A3W7SD8wiRx6X3U8a
cxpuY5PPZz7TX+BZXLw4iUQ=
=R6uh
-----END PGP SIGNATURE-----