A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: petr@stastny.eu
Encryption: https://stastny.eu/stastny.asc
Canonical: https://www.udhpsh.cz/.well-known/security.txt
Preferred-Languages: cs, en
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJdkf++AAoJEIn+qiAX8IElL18QAOOy6JcCF5TVhoDZHW2+zQTF
VBk+nzxprQCdp9iDoWZGT3zy1LDIYLSFaBS8SnqjOelczmWyLMz77NgkgEFUUUOk
IEozrDTg+4Dw2AD/99ojyY/3uB+6riYG61i/4QDAnJBrsuiNz+x0AaKNFTgrO0NJ
vxPU3DEEnRTidyCSNdcVbdiqNNwzw2db/cQT+Gr9iZARn9dUUtbnSXFM7ebdgcEV
SfvAyUaaGhCQ7dJER9neOJR15e/ap7EZqCbNo5uvQSoeh0ekGuYjFOB3x936E6qA
gk46Ge69RifKt3jXLLq8BLvtlFWyJ0x8RfjQvMruYQfxmLGmEzWLVSVqQfntDYBG
HeUlbDcF9y1+ZPYUFtpAMyp5hGKd1DlANf1VmSV5lkjwnqv2SWh797MqCSA36h6t
5XBVL3Wc7qronGIPfPGUKWDZ7O0HmMHrzYwtObx5IVKhY1BRyYiMRw4BUpfQuFRH
CQ31+EIqPhZ0MCIw39bj8mEYyKDeD2lgya4jLWvgNlV6BsF761ztuN0o4U1J1gkl
GIyP+FwYsHtZ+TKrJE3tedKEApzxGkQhbRD+96O7p2y4AwiThDrhIRirK7ZrhOQQ
hbBUEKkWVWipKp9VmtBtv+x2b0C9+XZCm11GDFSvpH9BQo7053Y6Z7l3MnbdSsVo
6lTVyWWe/2fhDEI/VtdT
=ih4q
-----END PGP SIGNATURE-----