A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:sa@zope.dev
Expires: 2025-12-31T22:59:00.000Z
Encryption: https://keys.openpgp.org/vks/v1/by-fingerprint/58953097A0766883E1E5CADE8F50F4EDFE19F27A
Preferred-Languages: en
Canonical: https://www.zope.dev/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEWJUwl6B2aIPh5crej1D07f4Z8noFAmHYQ+UACgkQj1D07f4Z
8np4+wv/Y4+HZOW51RrHbqpgnxDZqxi2kJTPGanxBz+R+u23cmKZ7pvURlEnAsdQ
upKWInZ1Fd9daE+7MDStaJIazCr+n4v+TKl6qbXfgaonkjr9Ja3Kxr0uMYv1xf7n
bFYLy9RoAp6mbZANpEbnwcnBMM+sZPfow2It/4cAwCr6a7B7M5Qy5Wyd9gllukX+
yhlEliS6lnuZtWLcTBuJVSZBGpluUPts27y46ohL5StYLP/6Zmv19BtvDX8t70vq
QOSk2CRNU6ctQgQb8OTx0Fw+haygQGNuNeVUVAR0WodDywOdBoHx/GvMffiHhv3h
WSmPfBv87CC4OAd+eAzgTXGgANEXTRcaVSwlBdq5xp6NMO7ywVwK2ox9iVsxc975
3aRA0rRUpvqhkAvoNfRsLqtHzEpEim8TZGIuYA8vz4RyoIbSyWG1OKbB0feaWYXc
POcbBs9ZhS9WgKOylSPNceu4vRQWw2QsZoMcuTyy7SvWmSSUKRcYNhdxLj5+EvNh
MnMp7AuZ
=U86O
-----END PGP SIGNATURE-----