A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: https://www.atlassian.com/trust/security/report-a-vulnerability
Contact: mailto:security@atlassian.com
Expires: Tue, 15 Mar 2022 23:59 +0000
Encryption: https://security-static.prod.atl-paas.net/atlassian-security-public.asc
Preferred-Languages: en
Canonical: https://www.atlassian.com/.well-known/security.txt
Policy: https://www.atlassian.com/trust/security/report-a-vulnerability
Hiring: https://www.atlassian.com/company/careers/all-jobs?team=Security
-----BEGIN PGP SIGNATURE-----

iQJLBAEBCgA1FiEEXh3qw5vbMx/VSutRJCCXorxSdqAFAmBPo2oXHHNlY3VyaXR5
QGF0bGFzc2lhbi5jb20ACgkQJCCXorxSdqD0mA//b3soYmZdjwx3G1WNRs3eB+Zy
dT4DQlkyj7JJ/OO/p61cALRC6dlsb0/YoN1G4Xu6zujyLKBBYU0umHDJ4+Q+8DbR
nC7PjHNjdZ+vxhW4Txw+rFHy7QHN5KdpoZKUkKx8DGm/WRRO9aCwSTpaUJpmcddh
Iy5xGwd9K7715hcAQYmIbA1OBJTIxukvIjylxBQBnJYbkXPtbbFMF24/+VB7kg/e
tnh5TgDWU4ieEzJhgO4Dl+VtY13WfyCY13nBkc5vlHvDaRTHq97e6uuNwRdQb99o
R/ggBsonZZ6T15LyKVnuZ8IBds37XGLaaiTXe1sRujb4BX8st3atnLbtgj0VhpgA
pc1eOsi3jCUWfjxAbX/kWa324qGFIVddnKfZZkbPtMPeMGvovjZrHT9OKlNQV3Ws
94u7f5ESIXaYyZ0ezevPUet7uccR+kJNXvFY+DZjuQOVQd12u9n2S1i6aqw5AJN+
/5f04J7a7F7rn/NMxABfyQFi+KL6fH7+m1hodH+8xwgBLg2gCXzFoq1I1BQmxJga
ZQTc7OXuuhfaBe70OiOPPA6PeFF32kalPnesN95+Bc9PA3cyshmFO4nVEmG+WGH4
UOFOwiMJ1mBRx7BitsvFmf5nwGxY3kfkDUBPo7m2dZQbEzWQyFAyBRJfs0KnBfDL
jrWE25YVf3U+rShSfcg=
=x1u2
-----END PGP SIGNATURE-----