A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# Our security address
Contact: mailto:abuse@cuni.cz
Contact: https://csirt.cuni.cz/en/contact

# Our OpenPGP key
Encryption: https://csirt.cuni.cz/en/publickey.asc
Encryption: https://keys.openpgp.org/search?q=3F76F3C999DA105979005B4C2FC53DCB10AA8BE1

# Our security policy
Policy: https://csirt.cuni.cz/en/incident_reporting

# Out security acknowledgments page
Acknowledgments: https://csirt.cuni.cz/en/acknowledgements

Expires: 2026-02-28T18:00:00Z

-----BEGIN PGP SIGNATURE-----

iQFCBAEBCgAsFiEEP3bzyZnaEFl5AFtML8U9yxCqi+EFAmioaNcOHGFidXNlQGN1
bmkuY3oACgkQL8U9yxCqi+Hl2QgAmvPA+VCSzX5ch9+aB+pGkyBs5/kOfvOgg8HK
wRayD+EZIPlKtZyvOauZHwX+8iJfTlj/qpGwnmaWu0fYFuG718Ja7M/eo8bQdOYy
HBSOsCrz2swUxoaLNKQX6GHIMDfiUVlwd+2MHhe0qpy2ppmQkRT5dtJ1tsjFoATa
7FOmeKymoEiPP52XxPH7e0E2h/xjIZ6WLnMT5Xt4IyNQDCBTVkeRzFPVOyaJEFJM
+Bd/j9TSx10ytgJoPZrUKGmSqWI9TB/Nb6IFHPJZu8TuicbNacJYs7pyGoZ7nrgK
plLDUaJ9XUlX03vJ+3cKmaB10p29I/NyiuUaKvqgqst1qMtTPA==
=rZJ6
-----END PGP SIGNATURE-----