A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:security_disclosure@steinbrecher.co
Encryption: https://steinbrecher.co/security_key.txt
Expires: 2025-11-30T00:00:00.000Z
Preferred-Languages: en,de
Canonical: https://steinbrecher.co/.well-known/security.txt

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEX8GXWqNOtdPm7TsPoEAasC84aiUFAmduEdUACgkQoEAasC84
aiXn4A//TI89B8OFwKURBt7wov8faSs+0YsOaa5DozbN92KRShO0eWytEdcdLxUF
ydoMcrI0yf8S4Xu1V8KBrdZpXE0PpswBSl270cCr9iWHvvA//WDOKbcvF5pFCCTM
z2oc5jz+2ixIOj2QWY8Xdfy4wHMEAmncrtMv/BxKNVdc5Vsj0Al9ZVRhykes/asc
lq6mDcx1MoiFSAAUxvNWO1HGq5XTL1XujuwzNHMmycquoX9ttuFnIGV1tGSZRawD
khAEhBdT0nAmt5+3vRoEHKcYdOAvgTzg7/uklWDl6U4+YRKwxOPu7/f6ePyuYPco
ehkw28MYKgmGwFfzE4Opp8+VbJIamuaZmv1x/u+SUVCm7/vhepIrDT/Hz3tdxHpl
rP2fxZe9tb9SorSsrGAXg26UptoE4IaBvUmsfsg+3gKibdVxBw6g/h/KFJ/fRS3F
7KtgjVpnvRwjK8gqTpA773OmJsNcsTcguURGZCNTeTWMP4Zqf8lHMsPxsX7klg8O
uvEDqrw/UHxvKE41413FooY1tYCYBvkErEWJ47WXsTOpFgIOggcoA85EINpri5s+
IfdL0uT0mYpBgZGyKqVGI0jbR1EbB5k+gh0/yjqPJK0Dol25MuP8hnxLk0xkIVgA
olqKAVjY4l3BsIJBxxBTC363y78SoDIJvZkjSNipYj8k3GpCQJo=
=kKzd
-----END PGP SIGNATURE-----