A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# To report potential security issues, please contact us here:
Contact: mailto:security@open-systems.com

# Do not rely on this information to be accurate beyond:
Expires: 2022-12-31T00:00:00.000Z

# This file is signed with our PGP key. Here is how to validate. Feel free to use that key when contacting us:
Encryption: https://keys.openpgp.org/vks/v1/by-fingerprint/6BAE656FDA66460F36D4EF76264EDD5C9D314D32
Canonical: https://www.open-systems.com/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEa65lb9pmRg821O92Jk7dXJ0xTTIFAmHAT5MACgkQJk7dXJ0x
TTKAlhAAlqqh4jF6G9Mxo6JzgjyCFDOmlQ7YD2AC6R6dKnukCGxtj83iQMWd+PhF
rLYADY+0Rd/kvvur7/0SAjHdKZk1LRYMGZRGgjdTfJQwCj4a8bad1vmX9UToakym
pm+UKsJXtpYJtdA8NsRsYOUJ79jKBMW2BR/Qv/zau8OzanO/IC603A6r1gkTOMvG
CYUcNajVyIXnH/rLI/FpY6aChKQr8z5b50awi/2jWOTWh8QevsVbet7c3HVvyrGE
LZJyEuY0SIRbD4Qnc6Wb5CnYD80YiW+16ywj7CrOoiyv6jwiYDZqMjXSh1TlY2Hv
1Enu1GnB+QILDHn3FCd2vXcFhwCatLes8hoeEhPMyJTxPEDeTApwxJwuo18WlaYJ
bvLNUfOZeSadCNyecb1Wtu/GSKm45/hlwHTZ8lxmnlVy7kaNT2lOJnPjbIvnfqOh
tAoL+QqjUlgx88XPld4C6aXfijo/6AFiNH7LhEfunSpERrzP2jwFHb2X34YRHwuo
/0bGwVr9kD2hxvE3e4poFHH1YaSJKrCvRZJ0zd04przd97AgurdzOUwI+Uc1XiR6
5yO9zBG/Pw4kb09xCn5WvHtjXN5N1Zxy8yM+moVrDYSo/xsqzhMJuQu/FczjgL2T
zbyS58tqyHItVZvdhPyUARx0Gm1CD8pq5dQ4qZfWIYBo5+bUDig=
=sUhm
-----END PGP SIGNATURE-----