A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:security@stedi.com
Expires: 2024-02-07T05:00:00.000Z
Encryption: https://www.stedi.com/.well-known/gpg/security-at-stedi-publickey.txt
Preferred-Languages: en
Canonical: https://www.stedi.com/.well-known/security.txt
Hiring: https://www.stedi.com/careers
-----BEGIN PGP SIGNATURE-----

iHUEABYKAB0WIQS/sIOEVVMXpll7ri6qonNPpbp71AUCY+FLCgAKCRCqonNPpbp7
1FO1AP0ULVK3ShzqqxJgPp9jBTpue30XcWNRIlo6NSbXb8m7XgD+Lf1WD7IElllT
pAd3rr2/MjOX2D4vK9Z8warpe4h4zgs=
=ODB5
-----END PGP SIGNATURE-----