A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:security@scrimba.com
Expires: 2022-10-31T23:00:00.000Z
Policy: https://scrimba.com/security-policy

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEHvczeCy4h8TtjUHlzFRiXhnV7awFAmGU5I4ACgkQzFRiXhnV
7az12g//azB0isX4ZFaDQLcgBRJqVIsjgnTMi//FU77F4g08b1J+gwG32Y4YuveA
bffiF2EleSop+vBqvx921Q2oZwmwLsB2kYYpaPs+8LiyoS3Cy1AdrJ+LBUQy6JlI
CTBO428gAD9Y5WwNYScHd6yCnupHQfKMIDhezTn2/YF09CyCx8EA4G4hY0NPK3s3
Pw7vVzhgc04zRK5ihaOeQX3N3xnQJteYYN/mOSUofhNP7UG/GGsuudaBsxY8l5fM
aWb5UB9EWHn8Gnewv04pltChX79U866TpHUsagg0xLHScI7QdtCeqOApq2lir7rM
G5KygC9evEz9OGG+3i7JnS7+yNMnYgUlCVhLUU0cJRpjvjwx0iO6N4cZ30gHn5bp
37jKNeGDOIri25xacaLJorHBvVKvAaHmPwEg7LaM8naDEVl0dAJY7BXg+0LLOvt3
O11zsEjnkTo+ZpP2jtIumySv/1btNZhLaZm0S+89qzV4tb1AyAKyrfaY02HGTaxd
Ac3fAgHl7PPkgNG0825UITYtS/kNMIgFkE4/vG+YxBmky1N3edDiF2kGLvCYaypJ
Kgld2fqpEUbQRRUCxYJhuzo68o+7Zb4CSGKuoM4aqSl31TDvcRExanxjIKJ8enlu
AlamjGl0Eib2YdGUBzMFUSRGkRX+Z4L/vLEGA8MxQ2vz6ja3urM=
=RJPk
-----END PGP SIGNATURE-----