A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# Our security address
Contact: mailto:secops@cego.dk

Preferred-Languages: da, en

# Canonical URI
Canonical: https://www.spilnu.dk/.well-known/security.txt

# PGP public key
Encryption: https://www.spilnu.dk/gpg/secops-public-key.txt
Expires: 2029-01-12T09:56:29+00:00
-----BEGIN PGP SIGNATURE-----

iQJDBAEBCgAtFiEEOPTKwTQSWURWSkyvh9NQYpgDZBMFAmlmFs0PHHNlY29wc0Bj
ZWdvLmRrAAoJEIfTUGKYA2QTUOAP/2XKZt73hc9sQ/yZOlSlUAGs0zl8dGAVd22P
q3kJtHZfc+5lfxnrxG04Mve3wxvcqWhTipojpANRGO5ikZv02psbUu+pe9tM6qD2
NZPyfw3fs326V7bANWrtu3iEOEW4hSEXukxI5LNOFhLnK//3ruuwGEo63lvUoMIs
UusIcwOsTURX55v4KQqp0dFiiCNKYgnrDqxQG2Q3nKggYh69fIpwVoVoSZgQAl0z
YRdZ63fcIN78XsEDhOabIql2BROVEuFTW5CTu8lY/uwUO39MOa4Pwx3ZYbf7x7Sh
dQv27g7VVWZzI1Dx7hdbaD3oHJDwZDsvtK5B3rWOGWOTpXbQgAABIR2PDfvfLw8X
/M2RyoSf4AtBX3DkRUSMXCeuV3yJhnHEGVm/cnn2vY2101iITBHShPtGV9F+/riX
u310+TpOnyuHpjlYAEqljDM+kree8b31N9MStIAx2/aZVsIQJaLeNhqcfrVEGcNj
CX1wRiRSqK5sosCvtt4BHZOx1j0a/HqwD1KwJEop7YkMM3Z4D/dM+BtcY0WH9Zgo
ISE3nBCCljMl3dE3yMUUf3ok33SoiiciitF6MbM4yiwZaUJlLsTHNicFkjH4kU53
DJOToEoGNZdmGtNgRNytbuhmeOZ/N/NEn9lRO+0fRLq53ZknqvsfYq+gi7K7F4W+
ZnOoZO9P
=4epu
-----END PGP SIGNATURE-----