A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Vulnerability reports should be sent to
Contact: mailto:productsecurity@netwrix.com

# Please encrypt reports with this OpenPGP key
# This key was also used to sign this file
Encryption: https://keybase.io/netwrix/pgp_keys.asc?fingerprint=e9408e791451ac20cc1ad5942304ffbf10db3d09

# Please submit reports in English
Preferred-Languages: en

# This file should only be trusted when located at
Canonical: https://www.netwrix.com/.well-known/security.txt
Canonical: https://www.netwrix.com/security.txt

# The information in this file will be next reviewed by
Expires: 2023-01-01T00:00:00.000Z
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE6UCOeRRRrCDMGtWUIwT/vxDbPQkFAmGVa14ACgkQIwT/vxDb
PQkXDw/+I9FFjDMURnTjQfvvHevPxPLH+deiX9JPK41Piq4kuj6to6DNBQ7O8KE1
Al5XCWQ3goOM8kPVobTh07HyWTX2QI4AHWGyYr76T2yxdCeCoauz/m+UuEzewYS1
McAdIAj6k+xoojfxmEb1pQDYNAiJPAX/4o6kZxe6bBjoJH6Ljt6sAek229jdekV+
MgyF4fcEYJrMCdz4/tN1rtB9XgBhLj36fxE3Pq23XetMTo/b6pqIj1KC9lnxARkM
5otph1eIaacVt8iWskK4wR9UWm+DSOiFPMOjLhIkaRi7eXTZnOTzCstl9Dow6dhr
frcX3PXPgBLEa67SHVp/zMrxIRwKVwyvhgYkkGV1Aaf/Cw+2SEx4R1uO8i9IvBYT
8xWJfykW0/zKI4GktyUf+1v++bD20N3O4NYRlVanvl5eJcx+1Wn4KugdidKUjPeE
FYxVUwkekcVFZDgm1JXWp/6PIW2GSEkLMIjkOX3Z4aQSx2+7S0/nD/604K/wmJLB
bb+XuzHfs48KXzYru2Mqe1Q+UYSyBqgmLkQSJu2LyvL//NIk20g5Mb48UeE3SQPd
Ufgemg1JAl4yxy3rjEU9HqZGd25Ya9ShZM7+h91UGbmy3r+njY72yzPlpO/fvW1q
95j0kPnJLNRmVox+KH76ia2DZpPqcJnQAKJH+vNz344kc+6g6xA=
=QmF1
-----END PGP SIGNATURE-----