A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# Security.txt for Simple Legal Language
# This file follows RFC 9116 - https://tools.ietf.org/rfc/rfc9116.txt

Contact: mailto:contact@simplelegallanguage.com
Contact: https://simplelegallanguage.com/contact

# Preferred Languages
Preferred-Languages: en, hi

# Canonical URL
Canonical: https://simplelegallanguage.com/.well-known/security.txt

# Policy
Policy: https://simplelegallanguage.com/security-policy

# Acknowledgments
Acknowledgments: https://simplelegallanguage.com/security-acknowledgments

# Hiring
Hiring: https://simplelegallanguage.com/careers

# Expires (1 year from generation)
Expires: 2026-11-21T18:05:55.024Z

# Additional Information
# Report security vulnerabilities responsibly
# Please provide detailed information about the vulnerability
# We will respond within 72 hours of receiving your report