A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Report any suspected security vulnerability to the HRL Cybersecurity Incident Response Team at:
Contact: mailto:cyberreporting@hrl.com

# HRL Cybersecurity Reporting OpenPGP key fingerprint:
# EF3E E21C 8DA9 08BF 47BF  794F B8F0 4546 DB2C 2991
Encryption: https://www.hrl.com/.well-known/CYBER-REPORTING-PGP.asc

Preferred-Languages: en
Canonical: https://www.hrl.com/.well-known/security.txt
Expires: 2025-01-31T20:59:00.000Z
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE7z7iHI2pCL9Hv3lPuPBFRtssKZEFAmYm7LcACgkQuPBFRtss
KZGGSg//TtxPPRmX9QyuE3IOGfWVweBxdlF5CwSttQ62a+Ui11+YUEXezQmNgrHg
e8twAWKZ5Vgo/8spCHafU9ZZ8TtuVzG4+71COwzn8U4reyeAjpddLAXaLC8fUug5
G4SPhqrpjWKJayy2uVGimN510Rz3f2MjB8rLnYn7S35EuaFqSqxLjL7anRbHvPsZ
GbWmfGD1/A45h7EFnWczJd3p43Gc9oHmQrWt9PDN+LOSIBfouFwuw1DJ8bkNaJ7b
cH0ihIb11+uecN9Uy1snNAMEQLg+8ziwbML6rvfPgfb7ZkO8PeDA8vWlKP+SykJY
u8bZwlfIFKJCLCBs7Q9ju4ytv5TZe+auBaWsQnPCwDsWb6DSPEmXC/fz8sI/EHBi
izyuvHduqYdQNnJW1Ay04XF2wm1sl7wcs0t7Y7+tdD4t7c2AEERKeHX3SK1oD0P3
AIt2mfxB72ck1QAaEj/nXr1qt+3JdZMx/1T93/pD2U5begY9y0IrBO55XrN0coXf
4lMAEuzWWJuFvzKslHYk5Lyi6vuLdcUSvZemQ1Hz3Vr05+k2MnleFqMopbwzLdoe
6r8VimvsD5A+SY7tNoDJ0T53VaAcIGGp9XCJK9ltJwetEzHAGOmryOtwjosO2hzT
1HxIgy2udv0+Q4ecQfWEitRCBk3ogWInBcMBfqPJ21hebT0kiyc=
=SpRL
-----END PGP SIGNATURE-----