A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# Our security address
Contact: mailto:abuse@cuni.cz
Contact: https://csirt.cuni.cz/en/contact

# Our OpenPGP key
Encryption: https://csirt.cuni.cz/en/publickey.asc
Encryption: https://keys.openpgp.org/search?q=3F76F3C999DA105979005B4C2FC53DCB10AA8BE1

# Our security policy
Policy: https://csirt.cuni.cz/en/incident_reporting

# Out security acknowledgments page
Acknowledgments: https://csirt.cuni.cz/en/acknowledgements

Expires: 2025-08-31T18:00:00Z
-----BEGIN PGP SIGNATURE-----

iQFCBAEBCgAsFiEEP3bzyZnaEFl5AFtML8U9yxCqi+EFAmfAbNcOHGFidXNlQGN1
bmkuY3oACgkQL8U9yxCqi+F4iggAhDNePN4cB9T+tH/aEYUS60MGeqf3YXPJwOiC
lypxvsArmt7Ylf17UVDJwwYsub9hQdZtLCWOY/W6tKL9efeHMviiEKzpVThvtHXz
164Iqd0+StmtWWsRiRCyiLrhMt4HPtmYdR3x9Q/spFVlVaVthBRV8LX3Krl4Mfy7
/ctMTGZaOfo1THrlpAMvmvtJU0p+mZlwXJqZsX8uDjggnNt4InV4j23rAhuw4PKB
RT47itQ/AspNN+1T3Gpdc/iTMduvEDgR1/nHKN986xTPYukSnBplP90ZlCG4AFoR
AQiL13HM5qjFQMyapFLBWnj+A5qTqzsnQKp18TGkhTMmH1ozlA==
=lWPM
-----END PGP SIGNATURE-----