A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

Contact: mailto:security@paswei.com
Contact: https://paswei.com/contact
Encryption: https://paswei.com/.well-known/openpgp.txt

# I'd like to refer to Troy Hunt's security.txt content here:

# ""
# Don't even think about contacting me for a beg bounty! No, it's not a typo, read on...
#
# I run this site for free and rely on community goodwill. By all means, if you find an *actual*
# security vulnerability then contact me and tell me what it is. If you'd like, encrypt your
# message using the key listed above. But if you've just run some automated tooling,
# found something trivial then reached out with the expectation of cashing in,
# you're going to be disappointed.
#
# Read more: https://www.troyhunt.com/beg-bounties/