A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# In the event that you have discovered a technical vulnerability in one of the PR.co systems,
# we encourage you to report it to our PR.co DPO contact using the Coordinated Vulnerability Disclosure program.
# We will make sure to forward your request to the appropriate unit to be reviewed and resolved.
# We don't have an official bug bounty program, but we do give out rewards for unique reports of a significant severity.

Contact: mailto:dpo@pr.co
Preferred-Languages: en, nl