A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# security.txt for Kuhmunity systems
Contact: mailto:m.seidel@kuhmunity.it
Expires: 2026-01-01T00:00:00.000Z
Canonical: https://www.kuhmunity.org/.well-known/security.txt
Preferred-Languages: de, en
Policy: https://www.kuhmunity.it/security-policy

Encryption: https://www.kuhmunity.it/gpg-key.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEpZlj8x1206rpaXVdBg65526UjjgFAmjSrrMACgkQBg65526U
jjhsqw//TxCYY6GoNRoQT8Qqxw5tTygL6js6eG3IvzbRiTaOGzrzl6df6Kq42oFI
XAjehzTnpWD+fppNxYhHQe5wVfgva27/k3RrU2KWLOl0l5xIFeiWgGoqPNInhgP1
CJ1/8juqBypXEaWvdqsKpeiyMaWAbAO6O8Kip0bi80M/VHbFMrLHEoxgoHmsn0cs
BY7g8jsmcsi5KRjZiTSH/swycr3Cc4rVJrFMwxp6A0OJ1rAMeiGet38S2yMaBW5p
QKiHmSjGLrurfggZW7ej8S315ax7ZQoZFCMCBozLIldfk1rrnUGYmI5YjoNwiPk/
XvszaZzWnsP6xW6CApfmQotDZMBQqLZv6LlU6Ze9MwrQp4x4Z0EVr2r7DyyJZ+cs
evvnMO+03XpHumsdhFK2CYBG2K2LzoMyIsdPqDv7MDrqZOgWa2swNOq/a6Do0Vdj
a/u5BJyJ7uv3/i7LqemURPE+ANxNYd4XWblNv/xnL4mXl+EuGtdK/rHpxBAWHqBz
6i58lH84BBmJTPEK1J5zMw3FyPBd1KjyAMM/WYhqgnAHor7KpJQLw9WW6AnnApSo
OutGSPCXV5Q+nkXywTPzLtsqRUHAy310YNJpbZitJeeipMrTbpx5Azj+cFsk9Ry+
nA+qHFvOg6zm54VammA6iVpWWh4Q4uXrJpH6TZ0ZokNxNHtt/3Y=
=/9JS
-----END PGP SIGNATURE-----