A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:security@lexisnexis.com
Expires: 2024-07-01T16:00:00.000Z
Encryption: https://lexisnexis.com/gpg_disclosure_public.txt
Preferred-Languages: en
Canonical: https://lexisnexis.com/.well-known/security.txt
Hiring: https://www.lexisnexis.com/en-us/about-us/careers.page
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEWtSgGVjzvfy4FDyefrR87LIoLuEFAmKaeD8ACgkQfrR87LIo
LuFF7RAA3oc54eK8D5SphKQCHjPiRTmKXShctE8ZlaQSMWxBwu5RvTHw+3WdjYQH
TiLf5ZgMn8tpBgqSpBzbZPWVU8hr+x3N9dBh8mIMedu3BAR2NOzjfoOWhzU9gDpp
gywAxBif2ht4eyQ+owkP/VKYAubmnmNVwPv+RgtJ0A5uOKlykk8S++7XX/j/vwoN
cuQNr1caz5HlRO7qFMaz0SXRVirSijRd/dE3nVwWI25P/5j9T0lAOumstHFvmJNs
ljkas1ISI3/FUuyNAFoMU5IOUXLuaecPT94K5RbKtJXoR7BGalfRWe4zhrEcheXc
x0tM05NBJNgMvoVSQ++OaOC8vOv3plod8ufcLGGjdPxTZdE7G89I/jsJyopm448A
35yA1RJhkmsFiyG5GWr/VcQP/AnxGrAaM4oH6ETh/fkLIh716gaBbby1wVE2mLp2
mtdQ/YEhOduwclYpE0In0UpLIXUFQlLKcNw2Gu+W+fJw8Uus/sHfBHsw6CGc56YF
8Mr/dMiUXS2LmOrGkKAYGUwX9W8hi/9o2TpSWKA1DZIdKIDtnVGLA8Z5x+J9IaEr
LFyesbDDbVjF/63zIRV4YdOEytWYJ5c17gSei80H9xALq4kz362EE2lRmvmOEL4R
Ipt0epnD8R+FJdLqfL2IfEOvg2ufZ9Mb8c9cT7hxpwfufESjnKw=
=jHb5
-----END PGP SIGNATURE-----