A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:security@cleverreach.com
Expires: 2024-12-31T22:59:00.000Z
Encryption: openpgp4fpr:A2B7E482E8CD57A4D1A8160962C0E323C740650E
Preferred-Languages: en,de
Canonical: https://cleverreach.com/security.txt
-----BEGIN PGP SIGNATURE-----

iQHNBAEBCAA3FiEEorfkgujNV6TRqBYJYsDjI8dAZQ4FAmR4q4IZHHNlY3VyaXR5
QGNsZXZlcnJlYWNoLmNvbQAKCRBiwOMjx0BlDp4LDACEWaSt4ibYlKhZILIuKmCu
kfRBzoFp5sOxlKFOyXE7SO0BbsAoI+GEzFM9J3+uo8lGEZYh8nMnGPDuo5JfNQu3
J/IUMxMhp52kU0dDyRjne3EQlDfhdmoSweRFG8+5gBOb+GBGEY89FrPW2OAMIqwO
3ddr8xUugZtPgaVNAVYTbkvVA0JDSpfH/toChBxvAWoJIpkLEmvNvI3P1r3ImVlU
VDTnsi7wHUt4PdPOL3JDnuT0XVfLkMvn63hc6keutazjormlZZSCbs0T2VMCvmHs
BSxvvIc4g63UcoEaQprnNk2iLQD/h5EYiFc93SsRTZv4l91S16o0bbIzIosfBa9M
A7crJKZ2UMiSBBb7ZIu6IvOMxqvKXb7r2ZlZ7ZBXXattr3x6W/fVhrz1wS8AO6UL
f+4lBMGyKU4w7Nj8qXLD7PfGbpyttzk1g4sQ8hFLxQxCDZnkwOqECI80c0anvcby
LvTp8EzdfdGZJmcPKc0eVQp6qeZY5mdm/xmwvBiWELQ=
=N+6H
-----END PGP SIGNATURE-----