A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:security@asperalabs.com
Expires: 2024-10-05T00:00:00.000Z
Encryption: https://asperalabs.com/pgp-key.com
Preferred-Languages: en
Canonical: https://asperalabs.com/.well-known/security.txt

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQGcBAEBCgAGBQJhXg/SAAoJEH/gz5Z8LgsJn2IL/iLakpvr82w+HDpa8AWatxue
8Row8l9/ljvJUEG6+L+tm19EooxjFozNThNTYfZ7aC3UUC2rjK85K59fFHzFHfXr
6wVGu4N3Gpi6MPvYxdyENDwOJMWkc7QlZu8npdHsiDWx6H0QK+2IiNG2H0G5KPpG
Vdcrg0Y3h2uLdd1ZVfX19z206KVMAkGf+x3FQ+Qaq588HXj7ZG/TDinW2bK1TAaY
ZVt7Xg+mqz/8YYfvWvaIgNQdBBqR7ty3rdd1D7LBOmxSx3zx7iJI72v0nIZIrx8G
L+y88Me0Dlg1A3zFb85oFypPUoaBMs947I9WipFwhi3bBiXK8ovCh9YSmE1PYKVq
a92xu3cIWojU0f8iE1bjAp/HgQtGojQUNtLMnPW0FJo56peI2BNLakxBXAuyfLSz
gTEsF15/HNiiPmuCYTxFVJhRg0RwnZbcn1+19raFRtIHFj7+utrmyNqlaANEwhcH
TcXOC4+G7L9+HDzP6ZycvhY+fsWOm0VlYHWijF6sOQ==
=sCpt
-----END PGP SIGNATURE-----