A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Vulnerability reports should be sent to
Contact: mailto:productsecurity@netwrix.com

# Please encrypt reports with this OpenPGP key
# This key was also used to sign this file
Encryption: https://keybase.io/netwrix/pgp_keys.asc?fingerprint=e9408e791451ac20cc1ad5942304ffbf10db3d09

# Please submit reports in English
Preferred-Languages: en

# This file should only be trusted when located at
Canonical: https://www.newnettechnologies.com/.well-known/security.txt
Canonical: https://www.newnettechnologies.com/security.txt

# The information in this file will be next reviewed by
Expires: 2023-01-01T00:00:00.000Z
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE6UCOeRRRrCDMGtWUIwT/vxDbPQkFAmGVa1UACgkQIwT/vxDb
PQlOhA//cQt1KTTI8C4fW5yYpswuCV9jGpj0tNsSpjI53JU4ZlxsBy/3gCxMY+8Y
R8RNEVdTmoB6+NvdPt2IuDVi9rQIrR3cTUJedPTcge05ebVSeC3T1YZiczER7u39
bDJ18HyzuwRBZI9NS3Gq+IxwTZZk9+D9TIwYfRfHFe7rlj6jB3w8k3yLDuxDDd5j
YKJ817Z5byKiFkw8we+UO32t9R/D+Xk6zV5Bg+pqqk4Zog0ziZ+CeVF1mFej64v/
rVaUFwP6V+aRSiZkOHucaq7hz6PRkKZ0VwYuPKvGmkzFdP66KWpvqTGBKe5/eMxl
XWh7iaakRzBWRktttiGlR2b4B7SSCm8ohNtTwp5syQkw3X+nN2U37dI77+NPhKIQ
vxfihXMmNz7Hn8fqk613xdJZWdwl3Q6oY184/216M7mbQzyoIyAZ4wdTNIxIHak+
A5tc0UQB2UrVzCs91Cb9xNvEKx1lGz1vqPWGdzVy6wCFf7BVYoVbV6oirVTnJFjl
5IYC1WsryHI208A2EdQ1t8u0R4LJaK0GlvuxT1yNiD4kEhcLctGLp7ve8aiEj2e6
CD0XItX0bRk4PXP3/2W4DbtSjIoM5jwpmXBrQTgv92JfxYbK8hxmL7IqXi1tQ7hT
StWiAFsEUwghMWaBOAu4MuRFzm/G+wrOL9DpCpzQmmZoqP4GZKA=
=4LZC
-----END PGP SIGNATURE-----