A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# If you would like to report a security issue,
# you may report it to me on IRC or via email as follows:
Contact: mailto:z.c.r.a.y.f.i.s.h+security@gmail.com
Contact: ircs://irc.libera.chat/zcrayfish,isnick
Contact: irc://irc.sdf.org/zcrayfish,isnick
Contact: ircs://tilde.chat/zcayfish,isnick
Preferred-Languages: en,tl
Canonical: https://gopher.zcrayfish.soy/.well-known/security.txt
# If you´re just using this to harvest email addresses to
# sell crap, don´t bother, I´m not interested.