A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# We do not have a public bounty program, but if you identify a potential
# security or privacy issue with any Workiva assets, please reach out to
# us at the email below.
Contact: infosec@workiva.com
Encryption: https://keybase.io/workivainfosec/key.asc
Preferred-Languages: en
Canonical: https://www.workiva.com/.well-known/security.txt
Hiring: https://www.workiva.com/careers
-----BEGIN PGP SIGNATURE-----

wsFcBAEBCAAQBQJckPPCCRDcwkWvLQUnYAAA9pcQAEhlPfBLUgdvoGa7vzqmT0z7
kzcyTPFrue1SbJmp8AGGDixEpWwrJAr8zhRzjJ4CedAYN/TH1IMSSM9DmBX4I81r
xJ4qOU607XYUiufu+/2QFL1atOCkX53qrJiBaDhbnAvvtgjrQMaa+8rxxEtRciCJ
2sKdEUcy6BWG4FiFJ0dbXWgbOwOOfKPteXOefAWiYRFN+9pBfdOkKnIPjviLX2Xp
K2ZDsqQ7qJU/mivRazlsld560DWjJiEZma3cBMiJa/4njbCM3YPzmXJqb7pqN8e3
DAoLARCpgiY/DNEj5qJsJhvC7Srzlx+zp2w6BLfPFSTbaTwN0BC8GkGThpoNqa/A
cwD02AQuXAgZ0yzRNSd+K6duotoyu60S+nVC7iw2uu3PCk7gaVBYqdd8LQC0BcPV
VUjapAbIpewijmXbJs81gnNh4id+ticYpODZf2lOr8KURxOBIQ8qO22GMxoWipFE
DWIeYxzqJZ394qk4KuaZKaKB3GrOSRcbW9qPnLQyXzna8nAVNF14IUK8MS19fcak
AVtYAkRy5GOBIBGxXFgwS04IGGsEW6tze89PxyyC3Rl4HUFog8DMqXHfuzXQUKzS
kO/u9OV3I/YBqfH3vPbkdYulSdQeFDINpGKspiDD5B31bUhBZ9vQpjX77Jk+oB6o
GZYp1vSXIZAiRs3B5q/K
=x+v6
-----END PGP SIGNATURE-----