A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Canonical: https://www.tibco.com/.well-known/security.txt
Contact: https://www.tibco.com/security
Contact: mailto:security@tibco.com
Preferred-Languages: en
Encryption: https://keys.openpgp.org/search?q=security%40tibco.com
Encryption: https://www.tibco.com/security/pgp-keys.asc
Policy: https://www.tibco.com/security/vulnerability-disclosure-policy
Acknowledgments: https://www.tibco.com/security/disclosure-hall-fame
-----BEGIN PGP SIGNATURE-----
iQJHBAEBCAAxFiEEA1tvxkWUGZQWIdpd7p6Vxm/y3HgFAmJ9LqYTHHNlY3VyaXR5
QHRpYmNvLmNvbQAKCRDunpXGb/LceCQvEACOPzN8j270LR4BtMp/lzdqpa9e2zvS
PCgxvZ4HBPSZIWp08ejGhliAqATG0vl5HYqMmy2s9JrIJIiE22US2F1mzpxClKoi
6T8cI7RkKD9pL+u5/SSZI5kv+P+rdJpPuBgsRAxlRHMo9xUCpbG0J6FMVN9bxZ3X
Hu4ivJZ8tU1YG5vyYupny+2jYGtW0jAHTbKF2+98FO+2bq8kpKiPRTOmbxIz8ejw
2Ra0dvPYxdf0J8GtzsaOiTwlnzvMaKoD+4eti9vusc6tb4lhFo7l+IsUBoxfLOPp
I3c3c5iNlWMkumlbia89i5iVdJk5i4xOR/JfjaHtRLte1VuYY2ji4eoCxw/xoyKM
u4TmXXGzBwfnRGx2wmZbfbp5DVjwqzyCzbka/yTFl1gHv0r4572UShB/9cKziUbb
ZxxoC/7hA/OjOm9++qrd1L3smvqw5FfRN/xqGO77/AkBrOdcWXJAeWo3IkjGGCBP
NRXIanmXr9n0ekYYtQ8A13PNaR/Xu7TYQwLdnulmLWRiuVlMtVk7OCm6twMkGWYT
m1+kuke66iyNMogMDmCHamPGsetyGyW36Fp3i2kqlvo7fobchQbzALGX0YZFIyZb
72QSX3LuS4O/s9NqP90tdknZoJHZQ9J8C9Hynndrwctqb36uhfVRv05XMgZUB2jf
NS/B7VUp0jUR1w==
=Dk6x
-----END PGP SIGNATURE-----