A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# Our security address
Contact: mailto:office@digitale-gesellschaft.ch

# Our prefferred languages
Preferred-Languages: de, en, fr

# Our OpenPGP key
Encryption: https://www.digitale-gesellschaft.ch/uploads/2011/07/Digitale-Gesellschaft.asc

Canonical: https://www.winterkongress.ch/.well-known/security.txt
Expires: 2032-04-28T15:30:00z

-----BEGIN PGP SIGNATURE-----

iQHUBAEBCgA+FiEEfsdJbxCv2NUEsAucICyJmMzr+zQFAmJqmIEgHG9mZmljZUBk
aWdpdGFsZS1nZXNlbGxzY2hhZnQuY2gACgkQICyJmMzr+zQu4AwAgdT+LdOWFxzq
T+g3xoOB/PW1plvX1wRq5AZaQczUkL2WdmFf1egaEOtP5fA3H3j8zazLqb/DpmE8
loyCYFS/zA2gV+z6DmQ5DDRLsojpfX1cQG+B6aTqhMgazX2lGPuuBW3zsfr35vPC
dsdBSZ0wOTxBEe5K2zI9Phw5fmnR6R8CcVltExF5WMbzrbFOyU3Y+mJ51hDF63tY
1RZfgn9o+qwVaMNAUvRG0gKJd6FadK3ARu9qoUBIt1fa6RNtcuWx+VTlltijJkuG
xKI5fdIvWpeL7w0f5JwBO1qx0HBWUwQVTv/9tbPeyRV5YpVWKU3Lxy0MUXrCejTT
tz2pHWflEstkXNYf6bMHTUiKj0mYlaE3/0TILninRzrXGmVf023gxyA8kjSqqLK4
AFnlVTt6lIkHGrklfV32AJXc9qDmcb7E9JRvW6Kf1ZdGPGleAT3x8zIQAxAViP2a
JgKbqDqFV+ii+beQzOyEk0guji4ZzqRjEC+kZDDDuh4oK3dzYLxU
=+z/1
-----END PGP SIGNATURE-----