A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# Our security address
Contact: mailto:secops@cego.dk

Preferred-Languages: da, en

# Canonical URI
Canonical: https://www.spilnu.dk/.well-known/security.txt

# PGP public key
Encryption: https://www.spilnu.dk/gpg/secops-public-key.txt
Expires: 2028-07-21T11:52:16+00:00
-----BEGIN PGP SIGNATURE-----

iQJDBAEBCgAtFiEEOPTKwTQSWURWSkyvh9NQYpgDZBMFAmh/e3APHHNlY29wc0Bj
ZWdvLmRrAAoJEIfTUGKYA2QTYosQAI763efks5yb+VSaezKuU6/iFhupvqiWELqQ
WtBJhCMfbbuI8f4tshBUjgkPcMEmK/pHWY2ZTmjGQRUPl0/wQgbQW4mc/CBKu92A
sJSTp00FwxxdipwL1BhPjETa/skjYjDOQg3R/D8OovCzZnxZ8sdNAMKqhMBNTBSX
h7cOiOtmtKY3bOnY9zjueHqEvnWlWuMeQKI2sg59cxk4IqFGi0ROSBwm+foRv41a
Lyh2Ml5J6jFkr9Xk3k1HFYY58dt795JjQaVJt6PrCC4T0kg5oltX4tVjtn7kRdQi
GxZRQOHE/hDTMgaVC+rNGhRilKqw7+YIBjkxXam7Fmz2jqI8fV19qle0GjY424sI
H4BgQBYUG/6VujlBDYEOPEong8+GjICL72xXfB/Vos0tIIarZikaarYSZed0OJFd
lAe6FVLfpLXPGrSsSr3YvP8mb/65wuECkEaI5E0DPBEVOHGlUHUv/BzRWavxZyx3
J1REOvZJ8kVTm4uGabgJsFDuuSkxFRKf6qVnJNMGCCb//8RwCToqb6DEN9sjXQXm
bwbN5yzFGjitgM0GVRApIbSoH7Hes7EFTNT7qfewVirPtx1n6uqbqc7HBeTBaIwr
R5yTdXYrE6GyIe4CvRPRWOSNC6D+dNhChzHs6bJX2q/XJmk9zhk2vUFr18U9xLtx
dzM8ZGVc
=KR9V
-----END PGP SIGNATURE-----