A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# This site is a small, independent, personal site.  We appreciate all feedback
# from our readers, especially if it helps keep all our visitors safe.  At this
# time, we do not have an acknowledgement page or a policy page.  (These may be
# added in the future.)  We do appreciate your discretion to responsibly
# disclose security issues privately and allow us a reasonable amount of time
# to address any issues.
#
# Since this gets asked repeatedly of late:  We do *NOT* have a "bug bounty
# program" and we are unlikely to have one anytime in the near future.  As
# stated above, this is a personal site with no income.  There is no "budget"
# to fund a bounty program.  If you are simply fishing for money, please look
# elsewhere.  If you would like to help a friend out of the goodness of your
# heart, or just want to make the Web a safer place, we'll happily listen to
# any suggestions you have.
Conancial: https://www.jeffdarlington.com/.well-known/security.txt
Contact: mailto:jeff@gpf-comics.com
Contact: https://www.gpf-comics.com/contact.php
Encryption: https://www.gpf-comics.com/gnupg.php#jeff
Preferred-Languages: en