A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:tech@bod.org.uk
Expires: 2027-01-01T00:00:00.000Z
Encryption: https://bod.org.uk/pgp-key.txt
Encryption: https://keys.openpgp.org/vks/v1/by-fingerprint/135330D152900C9CD4C0306AA39A8D42B94E69D9
Preferred-Languages: gb, en, he
Canonical: https://bod.org.uk/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEE1Mw0VKQDJzUwDBqo5qNQrlOadkFAmR5sx4ACgkQo5qNQrlO
adlcFQ/9GtrdT+YEQVShedpjmcQQTYirZ5lg47Rr94q8DkDcg84k2hnzI8QDPgxA
CxlXmEilM/oMWaSPuCWvnDxgaiLLwIXCGLd8uhVQjV6gu4AfhfM5fvUwg1ikdiRx
oxgxauQW4V4pLgLSd7OBW7pPVvHUqCHiBTAO1JbHDu6z0OA8aJQhe49JEzfoB+Fz
d++gpZGJ5crkoV01UwH6EZ8AD78iwjgl1/NWSiKYDdVn1txIBi7f6f2psweork3/
e3lIhioUNbkrPhvM+1vUYvuU4MqnwbjCQLQtW87uoI9brwBWfAPSJUvgkPgPhS9H
HE23OCRNvl0nsYVT/VVIRBplaDRXIBjdxCdzSwViymhJgLdwJPo3UrVFnSBs4HgY
Xp3N1Y9szfZlxKj6r3Y0dAnciWVx+yOkxQSO2SWKxu/rjzyWCohl295RQixt4zJ4
00PQhuo213HEcPFKu94EG359o7SA8mG4DQxu2OWzxOPim9jGCIeKpJk+lbtv1IN6
hUjCgiJmguDcj23aHG7xPKiw3gxd9thTjgAtV83szD9s8A7Phvs+jLApWVMH/lEc
aRkNTBWSzWCS1fq/kz7vADCRPYOXHiMRtzIas570KdklMrWwfA7NuSZqluWws3Uz
RcOSDBg3RGNCLVSRARZekOEoMfJAUSYeWDYsh/08Ed/8hDWPTAM=
=j/NK
-----END PGP SIGNATURE-----