A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:security@cp2co.de
Encryption: https://cp2co.de/gpg/0x653199283E525E55.asc
Preferred-Languages: de, en
Canonical: https://cp2co.de/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEE3U68ZnHH8bnIG3ouT7j7zgovhfcFAmJCDH8ACgkQT7j7zgov
hfeB3gwAkCdd6hiEYSdZcbJ40W3AtCTqxknBvziEZhwAlswHkfQzKoOi1BjeFnZN
L8AR2Qvwy0YeioQ6pOyiOebDFWcO/cID/XYQj0qwnizzcBB06l/wNz3wSh+S2D8Q
2vuKXM0o+HK03NmNONzrZFnsHS2Svwlf9VCNcz3q6W/7y9Juse3euZ+I9QmnPpL4
XyoXs3WINownZwmd/4ucSZkFVpZapAlCyrrh0/vu3t6XU9fGL6sMvEsswycsb0Ch
3cwnkEJ7GvUpJz9VzOmTQeTKpndN4l3Enu3RaaNsH/e9YKWW6oAGV6kx7EREtGas
JMYMpdDenP1GJtkY2rj1mqR7OoFTFCqROQ/EDA/bbALr16baUlde5fhl4h84yDkn
zTRWmmLpigTgOzvUXMgKGZbbcjc2tZ0ZYtQh1xnYxQdJIE8Qu17QTGRtjkiF1dTo
wBkk/AqRlbcP3mLVP31ZDUKf6yopa24okg9RdSSFXQgOm0soujoH9rtUnEyunESd
MLGx8rtL
=jlYX
-----END PGP SIGNATURE-----