A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:security@cyon.ch
Expires: 2028-06-18T22:00:00.000Z
Encryption: https://www.cyon.ch/security-pgp-key.txt
Preferred-Languages: en, de
Canonical: https://www.cyon.ch/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE7VF3Gj1z/oTB37OMMFy8/HEwpmQFAmSSw2cACgkQMFy8/HEw
pmRZlA/9GYFUkIve4Dt3B/DDbsy1peHJFp5bZcxDhr2L6U2/Zx3mksDKhmGqUaQC
6duoag9/nlBTsaUqtlG8sXTJwmxLAnyEO8QmFynjUMOmXULK+fPbt++jFAaVopA0
TqX1/qVvOkHcVGd0p+0n2lFQCCJSHMD+QjCQFA7KT60utp5ggdA1kHSUd+lT1gtU
BKpS9V02bgS1aA7NZ2BwLs7fFE83rhWYi6sF+qqOJyc2ne3qjJQW9WlFNtHOZ+z8
IA/p+Mn/YNqd1ZzWSQDDS6hv3O+cMvdBDg3nDOHibRpRW+0Jqs/zbVgnlEUXsb+R
nVWxZFruy8qEJsdv01aZ/NOTWFSUvV/HaSpsrfpuWgQF9jaCc1Iu9PROW/ElX4/N
caOA4WzTe1yym1hbwdSR0QvBWKu2Pua0yOG/+dO8d8UMrV8l1nFDDkwss3aOn+VH
x9T3oQZJutr/Mx2ce+S5UxOzCpceE1yM+HLTzkws37+p3QwGplk9z+4ks9pVVOmu
BPCEPgLgKZ05QnoLlqWvsdl0hIDiNoc1Bx9w+/W4Q08B9K3DF65sWdEozgI3x4Dk
Z13XrcQR1jSxBwlAIDl1C+7vhvO/gWMLJL6BPivuUOAotc1MZeu5F+48qKN95vZo
RG7OzrAmQrv6qFGMN9ZP5cNYQv8MfrV+lgfvCliVX1ROCZqpbn4=
=riTH
-----END PGP SIGNATURE-----