A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

Contact: mailto:blame+sec@jeda.im
Encryption: https://jeda.im/pgp.txt
Preferred-Languages: en, es
Expires: 2026-04-01T00:00:00.000Z
Canonical: https://jeda.im/.well-known/security.txt

# Please report any security issues, be it in my projects or infrastructure,
# or anything I have significant control and management of, to blame+sec@jeda.im
# Encrypt the e-mail with PGP key 8060B288C274219D - also available at
# https://jeda.im/pgp.txt or https://keybase.io/jedayoshi
# Describe the issue(s) on its entirety while submitting your first e-mail.
#
# If there's any preferable contact method for the affected target(s),
# please use them before contacting me directly. If it is my project,
# and you're forwarded to this page, then feel free to directly e-mail me.
#
# No bug bounties are offered or should be expected, but I'd be grateful for your help.