A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:web@rock-y.org
Expires: 2023-09-30T22:00:00.000Z
Encryption: https://rock-y.org/.well-known/web@rock-y.org-(0x18E13D04F557A5D5)-public.asc
Preferred-Languages: en, nl
Canonical: https://rock-y.org/.well-known/security.txt

-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQQS4BEwPNQaWfX9zdMY4T0E9Vel1QUCY0fcbAAKCRAY4T0E9Vel
1aacAP9Xv2xa7Eq+OiZ7H2zrv6UDDrgGWL8+GVlshkm3jn16/gEA8Es6o2rYvH1X
bJSNJY+fWsylrZHua7RwUi+XFkOozQo=
=MPGe
-----END PGP SIGNATURE-----