A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:securitytxt@floh.kohler.is
Expires: 2024-11-25T23:00:00.000Z
Encryption: openpgp4fpr:9756A9CD36FA645CC59A8CCAFC8879CDBEBBD58A
Encryption: https://threema.id/5B5PUBAK
Preferred-Languages: en, de, is
Canonical: https://kohler.is/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEl1apzTb6ZFzFmozK/Ih5zb671YoFAmZhVxAACgkQ/Ih5zb67
1YqX8g/7BOt/9M4DzdtuxbjMqkIyK+k8cvMg7CLO6Yw9aNXImJIE1Wl3jrx0gjJE
rtvrEK/HciyDqMQ+z+4vLPRAjqTjtzGyq5MQdpteyCSEl/XTfha+ukI08ATpBcLQ
Lf0t+pmJqyw0F7vaQ9RbhgmRlx+WXJttEB456vD0ilcdo6aScFrS2e/jpS4p2xIB
dPljxFNPFWfLtbK9guXOD8fr52lZ2ad7IzYnscr/WHQfM5MjgVaUBsXTc36Bl/IX
6f/ykI10zMBOcJxHwAOeERm7+FgHxJTqlG5MaM2eFdeEnxKvxOqgE024bwGbcbHT
yjqIzEq1kRcJUj7FbBYsZYmBxVb0Ks1n8PA2GlUcnkntdPXg6LPOQQ58YTsiLxvl
OCycihkfgZvNVnQosXoHWcXlSAvesHINAcScZrpR9yUYUh0XnDH4RfBfm7vUazLg
wmE/Hgihl4HwEJLfm9RHszgM+K4oA3JDMbgr3meCzysnRH2jJxSOfr2R8u78zgVn
kYRiXJK3d9OuUktl0SVoyylsB+y1ihZU6BHpgsOOeblPCnINMEISNXVk/lRm1Pwk
TUoZSNmffAMaLIIQNXPE0ap2b4De+y9/6+xQT1gSZoe68VJGLMFf1RPeFSEQZ7vh
GcYKEeR6FsSctkCIQWJ9fGC693/nqtuRiEyFagUeISdHeaLT5QE=
=QptJ
-----END PGP SIGNATURE-----