A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

#Contact
#A link or e-mail address for people to contact you about security issues.
Contact: mailto:roberto.paloschi@dilium.com
Contact: mailto:roberto.sommariva@dilium.com
Contact: mailto:donato@dilium.com

#Expires
#The date and time when the content of the security.txt file should be considered stale (so security researchers should then not trust it).
Expires: 2023-05-24T10:30:00.000Z

#Encryption
#A link to a key which security researchers should use to securely talk to you.
Encryption: https://www.arstud.com/.well_known/key.asc

#Acknowledgments
#A link to a web page where you say thank you to security researchers who have helped you.
Acknowledgments: https://www.dilium.com/chi_siamo.php

#Preferred-Languages
#A comma-separated list of language codes that your security team speaks.
Preferred-Languages: it, en

#Canonical
#The URLs for accessing your security.txt file. It is important to include this if you are digitally signing the security.txt file, so that the location of the security.txt file can be digitally signed too.
Canonical: https://www.arstud.com/.well_known/security.txt
Canonical: https://www.arstud.com/.well_known/security.txt.asc

#Policy
#A link to a policy detailing what security researchers should do when searching for or reporting security issues.
Policy: https://www.dilium.com/informativa_privacy.php
Policy: https://www.dilium.com/politica_cookie.php

#Hiring
#A link to any security-related job openings in your organisation.
Hiring: https://www.dilium.com/lavora_con_noi.php