A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Our security address
Contact: mailto:security@orgnostic.com

# This document expires at:
Expires: 2022-12-01T11:00:00.000Z

# Our PGP key
Encryption: https://orgnostic.com/pgp-key.txt

# Our thank you page
Acknowledgments: https://orgnostic.com/thanks.txt

# We accept the following languages for reports
Preferred-Languages: en, sr

# Address of this file
Canonical: https://orgnostic.com/.well-known/security.txt

# Our public vulnerability disclosure policy
Policy: https://orgnostic.com/vulnerability-disclosure

-----BEGIN PGP SIGNATURE-----

iQJLBAEBCAA1FiEEOiZIaR8PF2D/NPkfq7vlHEWhHN8FAmG4pbAXHHNlY3VyaXR5
QG9yZ25vc3RpYy5jb20ACgkQq7vlHEWhHN+bXg//cizQur9iZwvxTCgVHjU6JnkR
xN57U1ElrkGPNrEVQpQ/LZsj6b9Iek6b1AgHAysOpf6f12V4w1IiH4Stxpg0v8fC
wh0UEyUoGa59wyUBfF0cRmQ6/qElKBLM6tdDHuH/PW8nj8C0e9f6VGwqBvaKD/nM
4ljpp8bPdlJGdw/jLVn20smGe+LqAvBLRutyvN5vKN6Ksn1+zGIh5qILlCWWOsfo
oXuGdon09HJH8zfy/TN+4EO2ct7ORnVPVMAtZQ3Ml4hs0T666aQ2gDiJbfTGpKJP
HVKdabGt4/wjoO6Kz2+GFBNcguti/3rqVQ+AILd55tKf2SS6MjoO57bRNlZci0HT
wlfAN70LfqgraF9t0wf0XzCQHWwsBzHpgxEJDfhiY5JgNGyDJRMyP5NyGDdDYnoH
oyLy5T8J48kv2q18vJPdxratvkW2O4sRttkCdOu56ZWYDlnqFh/doqPU76uOcby5
3YrQpMidewlZVPwldUq3aMsMcsLXIrN98OQpSaMmf4VQNlgGeVrQtzEbzDyGTuSe
mfjtLS4LEF22Jogn9FGZiPgaOsKpX8Fog9ZKCVJqLgk8dt86Bl+ukiMXBXfFQ9QF
Fv7LCaOW4BtmMxvrBCe2ovkJ767COWsxJWSQeMPNS4dsO2GGv/HK3ElInj2YoNYj
Fa8duY7mkam4z+SgKEs=
=+avA
-----END PGP SIGNATURE-----