A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:m@mikaelf.com
Encryption: https://mikael.keybase.pub/pgp.txt
Expires: Thu, 31 Dec 2021 18:37:07 -0800
-----BEGIN PGP SIGNATURE-----

wsNcBAEBCAAQBQJgajtuCRDkldeppW+rkQAAlwcgAEQAhMK/++EVU3ddvyfHr5Zq
Dtftfiooh6sRULJv50KxtlOt7vIIOQlRDfM0OZ8wXF5rGeSEkdbplKCmi2Dx5Ev8
/bRq+vbzkSe6W75PS8Yol1agO9hrP1/NYZfkFzKhdyP5AMT8Z+x3SM5MTsk1cKAu
Jd7emFM2h/LErJbJY0fd6LrhLA3Xq3nu62mqxB4r32kAP5DWoEyY3pZC+p6jmySr
Who3nKppzwyrKU4mBcmfxAyxTplXaRjiH2qJONvGpQlY1BtMCRsg2t9NhkEjV+SK
BqmQRCoIEm31nSVyg39VWMp9UUyultTFfAirIM63leHbeXg4g+8P9b5wyxgcD6tU
r2GlgC4W/MYGFOlCaFtruwadhyMOhCX5qf3sZmQrpM+FZJIxmTmu5h31CvdBsBrY
0a9n9hMOauRLd+hJXwkNShrTBP755P5aIeuliWIfygm4OxMmBEou7500+gdLvtwK
GnRlfNjNJM1t3p9Rqyu0QJ457Y8a3+sYhaqn+Bsg6iErxwVbi99LTrSh3Wr03Z+S
glXRCOElQOcSBpV370ASXUV6NL6QRQQumYg/RcbPN2E2p2CqBThHmxyW4Gg5L5XW
7yA/nDZKtmqf5uGFGy/KpEvQLD/ajjQMnif74wBdtAVLjpF6v9gzvcCevFJ0HOx9
WxpY2nMtPZLVaoK2n9E56YXClvva8SZ3e/wvcK4Ii0wolQJGuzICEfEGTnRNPUcM
73hncaudIiD+X/x3/vKCpLFHgqaGz7t5iKhtl/2NhZ+rGeOiLM9SbtbrzETywy47
nQt0GzQJqoI5vRis0RKMNQdTViKx7YcRJcTZSSMrjJ1VLAX3KaZ4gwbc5kxxd1TW
bAlXR02gFLI1ktDz4mzTeKRS5ndEm0V67iwYyMHjMvAP5AOZQ3+2TlGWA2LJGbLF
OhcPdE/t+Bckfp1ldGWDIsN1CzAkyUyHGeU/hHkY48FCespg8ElCDROdHq6rcAaS
ExHeLNoPCRjNJeOoonKeQ2CDulzPxsLArP1RIaOzk3yQkyeR6he3k40YwrozixIe
g3zjtWXUgpOiBnQuUf9/bfD4Tc3E1EgO4rAiPC2e/+/JDeLXWV7/U/Iae7lGNwxW
t1q2dvIt1tMQC4z+qNpN6QxTL2mSHMedOHT7mA8IlSZx0v4HcKlULB1IFCIHZynG
F/qjMRf+t+yDGAiYwPSrDfkjFfMX5YCuQvWCPZnETh/FhnfD3C3kf8lojeTqjK1T
WIr7x5s4Fjcsg7dAFBeTc61ieohwCBTJfahIRxr0y/JZpH6SxFzs6y0lLutFWvFX
G00bjcqiYPtiRcHPfM5tCw/ACORdg1ivISQLkk7rwNItq5djoOSD4IHx9oIYWhM=
=5jMW
-----END PGP SIGNATURE-----