A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:jens@plyp.com
Expires: 2023-01-10T22:00:00.000Z
Encryption:
https://keys.openpgp.org/vks/v1/by-fingerprint/3CA2C229EC7A8AB0EE98D431AD96F6F572A6D22A
Preferred-Languages: en, de
Canonical: https://www.plyp.com/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEci4R3bPsmS6uSKPIwbdNWZil9lcFAmHKzw0ACgkQwbdNWZil
9leUNQ/9GWp2/gJGNiExbfXvJhBhBVX93ud7ARm558eHAqNLlJmD5aeAbiAddx6b
1lvXXJKZ/HnNZRA9ZHbA4GMezVLWm9gS8LJi/gGWp3uSYsNFaHtW+QXJ+Efo8LYY
B55r6MpxZcxKZ9e9xX2PKC/FQkdKCiimzX2Qe0kT2T/tFnD10gTh8+6oMrvI7Slt
1AVNwMTSC8pYmQTnErxzFCSt5XxnYvDpeTnFrpBD23h7F2ktN3BFQGmoL5B7mbyX
vwarihlQ/0PlAkgYX/Ym2/kzYn9AFSSQr0tT4a1bgByTYPHRObtMVKBkZ0TxvXr4
gVizZQUKaha6N0KWkMkD2weiv9I4NIXcxBPMzuUYpMCeKGIkO2GIBqCvIDwmGSWP
9NbEpQufVI75K3XGFFa9wdlOvBmQ5rAi5evwDswe8ApqiF9VqOwmtHuLymv7GZnM
+3F/0Mxg1RviaJhKfdh2N85to+kFfE1b/I835PR+c608aNvrQClc0ixaQbzagxuM
CpgGnnnj8vZkHakmqsFwL+rAD13CPmJg/6p6xBubk7SzBlY/ShObA82hg3M0pen5
Ts2lg7ZGZdREAmz1j8z5eiVZ+DTd1PuMBjF6LRfy5bLbne3ickHdKrHbyEN4jFCA
MolcjKdrkZTjsf4u8My73dKI6wjfsAfNoouIQ34GMm//88viVzU=
=o2lS
-----END PGP SIGNATURE-----