A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Please prefix the email subject line with the word SECURITY
#
# An anonymous disclosure is, unfortunately, indistinguishable from spam; you *must* clearly identify yourself.
#
# Your email should include clear steps for us to confirm the issue for ourselves.
# This should ideally take the form of replication steps and/or data snippets.
#
# Please do not contact us about low-importance issues, such as those relating to:
# - Old/obsolete browsers
# - Browser extensions
# - Non-sensitive cookies
# - Issues that do not present clear risk
# - Hearsay or issues you have not personally confirmed
Contact: mailto:security@mobi2go.com
Encryption: https://www.mobi2go.com/.well-known/pgp_key.asc
Preferred-Languages: en
Canonical: https://www.mobi2go.com/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQJJBAEBCAAzFiEEAJInhx/EfTsFOFV+AVT69P2BmoMFAl+GPNAVHHNlY3VyaXR5
QG1vYmkyZ28uY29tAAoJEAFU+vT9gZqDeAYQAJ5F5j1zqIicwZPUmcAbB4wHezLB
U1zrNOeV2iHkccijajqNnopzBNiGwkx/h+Ti4ofystMLNzGDK5MV23bTUKN1dZ8b
kxl3GLjbslO6Xay6pumIIfY8d9EIt5tK2kC6ozpmfDMzpTMH4ySiWaBVOV40yvcP
jw9LCacKn+KDakbnSAYJuw70oopkETfImmrgn7dJC4DA+oZ+AYBMpEzSUWDC5s2p
xDQMpK/LbSxj7DzFPl38iFui5UhhLEUB6Yjcfvtz71P9kbqaih8wJ1k1CC1kauMp
qVCs35EevfF9ppU0Sh1HKHDFWLALQv0o8KqOxfA3RebSX6iSjwy66K+a0wbwbTkB
9w/trjif1OayDcwStiywhRVV9wPayV7yWQVGomOGeRUjKddlkGJOOqGx4deG3OU9
T15q7oPbbW9PewHXJ/UwObUzSWNv7DVYKfubK8YE8zFWF20k7+WCwAyqXk2jLGFK
iYRavklzZZIPJrG/lCzfwT1ZDCnVjT3jvO+43lTW4l6VaiCy4Q0j+NGtcVhpC+oT
VbCRstGfZhko2Th+Am6PRCsPu1G6y1TQ66mEVZT2LzE+/R/7fJkY+UC+DRdrnDd8
UDj7fZvNySnpSrcJhBYIcdqgLXLi28IsSbS4N3xTkKWf/7he+/jMruM4YHLZiIZB
YIqTJpgVVPnXMkSK
=RCqL
-----END PGP SIGNATURE-----