A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:andrey@sitnik.ru
Encryption: https://keybase.io/iskin/pgp_keys.asc
Preferred-Languages: en, ru
Canonical: https://logux.io/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEExG2lfbgJdcOF4YvFY7wk2Yx394YFAl/FlX8ACgkQY7wk2Yx3
94bDWg/9FKvircwzmdvqpgNn9diYnaq9pEe2/sq6ZkuQUCv1VViMfDUxa5rDzUJ5
w1UeSWKC+1esm3gHk6V8b+ZUx9XEUTr4Ixgj8lglLPp343UQYakxgotk0nYWPyW3
y0lLEZXyTpzbfJpLmiklAYzUJWBdd+EYfk6TInxgADaUJC9Qhl4tZHNHzeKqofoy
s0BAOI/0Q8lEs5NZ7Q2nP8+VbJbUGc+0YSKxMG+33PBDSR7u3lELg9D/UnSNAVlQ
T3QCyCrhfeIJClhlxSycngbao639z4aEmZlLPLZM0FmGbxNCNj7QZo7ivH5ZmWuc
yCED5YMER6/nJqSXpRAeVZdmbj5hOyPTl0g1JenoSwrLqUD6vLF6VheQw9Hx4YSY
3SCOhliISIsMu3Z1J9gZXvCcv7jbdwMr+naaHO8yeesUJnrxgAOfOgsN4gYP7Tfk
E3z641C6Bb160SNP0UAtCUXKCG1fQceHS77TKTNpCfIjnzMSlmuqBun1Q85b+0sM
C7MLyU41CByCv1VzWPDkn/uRn77EEGDtJdqnhop9y5Lj1Ye8E40uAlchSSd6tyIo
StY3MDtl3pfGw3pMtEwWmD8R8Fxq/xbsbd87Dt7Xbui11DslMmMeoG73WfEwqIp0
fmlWZJVIsjb7n24GrlV+RpiRogtkmnqPE43+gCx/+C/S2V+thN0=
=ZfJV
-----END PGP SIGNATURE-----