A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:security-reporting@innio.com
Expires: 2026-06-30T23:00:00.000Z
Encryption: https://innio.com/.pub/key.asc
Preferred-Languages: en,de
Canonical: https://innio.com/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQGzBAEBCAAdFiEEDc2CwnXWtGOjSqwjm5yjtlWSt/wFAmh1kxAACgkQm5yjtlWS
t/y3YAv/RZsg5DVVtCz6NnSo3RPknbTz92CP2fhupRDam134BllWkpal4c2CccM4
foJDe+K+YqL0kb7/T6J8FZVXs07zNWxPqlo6x5PIt7V72qfYYm9jRdK8jVE0icqe
nbeYKj8VRj80TH3XakmkO6h4IU7+nx9dBVj1RvRHhE9Wh1qlXWUgG4I9XjCTE7uE
U++RDDryC56e2+ivXX6raiJtBk8Q6bpKhR5cjH/+3UJrG+hnZw7293DcOEriIJRj
gI0VTZZjcLdtOVW7aBAwbtw3wWwTsi7sjWDcK0HwJmvnNEaSty7EGgegBruyanWT
CGC1QyBu22+5a9xFZdCSHyQqa8jh25q+TjI4WJKv0eTZqoSiD7GHq7nhFjA79EOK
41kCnOw/5d2v1e0BnPM9IMi/rRmQHrk5P+opcnCZBb1x3E+SKO4mi5umtyO0IICx
ww3VUx8YR/TR1z16lVIu+0CbpySjCQuQu3Zkl29KGe97n0TtoJWJHbT3oof0XX+/
3CitAhDU
=ESQO
-----END PGP SIGNATURE-----