A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:security@driv.io
Expires: Sun, 1 Jan 2023 00:00 +0000
Encryption: https://driv.io/.well-known/security-key.txt
Preferred-Languages: en
Canonical: https://driv.io/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE4x+KFPIp7DDu/LvZUhqKxIvRM7IFAmCnwdoACgkQUhqKxIvR
M7ICtQ/+MymNxAwvs3uhfIOA4bwoiiWKM74scDqOdgL7H42tCbzmZET4WQbqa/TC
nE/7jGEPA1a3czM98JdbLpAm2aRATg8sS6Pi811uw+uCg4kgkGB8geo/FiNn5Bvo
yqHJEZt9yDKkG7FcMZhyMOyOKakZbErymiT0B5gCU0Vhd+k20JAmXV8VdQfiiqsx
xzMT6BbcJXhsKVYoBgF4LNeBaLXSY8TTu+IhPYnP06CAYjz8ZiFAjxtXPOgAh4BX
mx6AQLcyZpBxqwBNr8H525P+GNix/jrcLt/Eq+kWj86V4kNjW3/fS/iqStlezfRg
WjqL+hk3QoqgIevlc4/MJJSFmzwvEj3BYTRCpr+1xlQxktrzsg9OUfqWXQMXn0an
s9EngOZeM975gyfRkNsXu+AWg2Z2G+SZSpYrT82KrbGExwp0Se3dlPirT/qOaDcw
+gNfVIqXuLVO5h5FMLF7ycALrgsgLSoomUHjD/+UJn1a71LtWMKMlSsUmcZToHKV
nXLEY/68n9K6NcnZxfWohKcbzztgTxLkqzbhUkl4+hYoagysMNsQ68/fPFHM01BM
72EUiWjAo+rLfTXUJVZ3FsNvE11GfwHgCp7I/qGZfMt80Y0nzeuOKEDGNKujW7AP
OSsqA2Fg57F7Vb/XpOow0sW5N+zJmZ1RbnLy/uJxJKojURPPJ3Q=
=D/zo
-----END PGP SIGNATURE-----