A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:security@aoteaenergy.com
Expires: 2026-06-30T00:00:00.000Z
Encryption: https://api.aoteaenergy.com/.well-known/pgp-key.txt
Acknowledgments: https://api.aoteaenergy.com/.well-known/hall-of-fame
Preferred-Languages: en
Canonical: https://api.aoteaenergy.com/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQSlAMGC0Bs7qwhySt6ZFfUsw+3EEQUCZsgT/QAKCRCZFfUsw+3E
EU78AP9qaeZpVVTTG8tlaOA5aA6MTH+o5IuA3e30C/1CoFaGrQEA0JEuo84dRigt
IW9717K3aVf648NFLvU4e++m8zNB1wc=
=AT+P
-----END PGP SIGNATURE-----