A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# security.txt for s1.foleon.com
Contact: mailto:security@foleon.com
Encryption: https://s1.foleon.com/pgp-key.txt
Canonical: https://s1.foleon.com/.well-known/security.txt
Preferred-Languages: en
Expires: 2027-09-05T00:00:00Z
Policy: https://foleon.com/vulnerability-disclosure
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEXxUoOaiToPwaFWtJ9PH/3JQs24QFAmi67QAACgkQ9PH/3JQs
24Q0kxAAkrC3PZKN5A8gmIQe/4JVX7KifR/QMLMLO4lyG+bw//HYNmSyEw46t4sw
bXKbYQH8O+oPDkKqbmxv9S32lNqLDj7rTQ+6BgqsgHz2gqRtynsi0uHl9iSAVO+N
AwVtKmdv5hfk8eTafnmwk2aNfprZoyvyXPEKsCIAcTowTTSx6IhO/yg+e8oQbW+u
HYea1MBnRjs/7UHLLe1tYTlBr0kZ88yi05W2Ixb0xbx+lS1DIIwGuv3T6Q3w+R4B
0wBxH0hphJb+9QeuFf2CsQvxfSizPT7k2XkRxxWL9cxLZ/ed7tDez1D4WfRPNRCR
+dR98dOCV50p9fJWkbaTeglNItyYwYg7dkk8HLWvkbZh8mii4bCjW1AUVwUrIcaa
UXGayw1eYMuAkXrLA9HJcJ6Bi2hiI4AVj6hAX9G/VezZ6/2DU7vmgS1WkRm8ePbJ
kqLdP+NLPqtpnbt7g1lLla36d/bimYWN3xLqnFyWcnNpxAtbmNA7zNF9qyETFjXZ
cUM3WES+IofXB7h/4SuAQHWXyff+m8gNu3LDedHhDnjFSvzTv3u7Cw1dwscmB4mI
NP9hMGOPpatIKQC6nUEgc7xMQ63qGLWyOw5DPormFkcWeCFnuoi6Wp2OoPjz0r9e
1zyYP5ryUe6B6thLpyiHgWTO8kgA4MYbc3MEBCvEFrUJ7Q1l9Ow=
=ZiG5
-----END PGP SIGNATURE-----