A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:security-w@fortmesa.com
Expires: 2041-01-01T00:00:00.000Z
Encryption: https://fortmesa.com/security.asc
Canonical: https://fortmesa.com/.well-known/security.txt
Canonical: https://vciso.app/.well-known/security.txt
OpenBugBounty: https://openbugbounty.org/bugbounty/FortMesaSec/
-----BEGIN PGP SIGNATURE-----

iQJMBAEBCgA2FiEEy6cmzFCPZBs0WTyBFnk/yCY5xKkFAmht73sYHHNlY3VyaXR5
LXdAZm9ydG1lc2EuY29tAAoJEBZ5P8gmOcSpIDUP/ReLQ+VbsunxjQf78mz7DZvN
J+zu5jRWPeAGFeRcFWEySlzieYPUVDfa52gsww3FFq6hOB+HNhxg69nZ60kKgwOi
2pL/KIlLYQsDMv13g3NUZ4nLvPcewbyOL+HvAZIFVkZDb2fKU46ebtocRCe1gCLy
ppG6FLdm8LumNAzB+E3QwPcYHCPEqmr/c605lFWqkkUgChXMVP8Ew6kBm/L7EgNL
IwEpPbhuazQoaFFXp2sqLdaj6fbo0sqZuIOPWoSErQ15ndoGRhVvPZQNYWOQs4D5
ZwCH2WrgV9BT4BykcGJRMoZd+CPRxT8jbSmsmWWMTej98fD0QMyjvOWvMq6QGstP
I9HQvDvy98tmTRYUTA/Ir8kODLqdrvW39oR9eXzNV99QMLlt9JBvH3qFV86D/w24
Zp80KMY5kq2pwkyYobhAAHcTl5kG6ySzdPOlsRQ5nEBP9/sVRgdSv/IQeesoJJSL
LPy7nFxrR75bz4HwshXkaSWM0bQg4nMj7kfZnBgNRjiDsRsib4Ju41dVi4LbOZus
iNpuBzPd+s48hv2DANXcX9gpEUSu6X9sXwzSDbmAPn5T5gG1HYBIyUlsd/iwlMAP
VPNtm5G79rrOxtMMIZX3Nr7BHgykQlha5E4GZpLhChTxK+tj7NX2aXG6dBbMaGHC
13dbhiEKUlFp05KK2g5r
=rVSa
-----END PGP SIGNATURE-----