A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:security@trekbikes.com
Expires: 2025-02-28T15:00:00.000Z
Encryption: https://www.trekbikes.com/.well-known/security-key.txt
Preferred-Languages: en
Canonical: https://www.trekbikes.com/.well-known/security.txt
Hiring: https://www.trekbikes.com/us/en_US/careers/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEiQY/hdaD/9rSKYVl30GJ9l1FDzQFAmXBQWQACgkQ30GJ9l1F
DzTd1Q/+KzWezIpoK6hIcugAvGSKy/fcZEXpF+//wGBAkGVFBi0WLgTWuIOEnB+g
Ndsjjdx8Ypkq/b549Y1nmk04W8Mnf4/EHSfBdrDaOGYV5i5OBLyWGjxta7RLn1rG
tVfQeqnTD0xtC6WK4HZxze+xZBfWzel6yP52s3xJbSzsSJU0HEy/K9eAYxENje7e
OvHv4qfmdCKdqPitUJVBTIOLTC60xVP/r6VDqyaRjDEAf8Jc2rI3k6xNrJRi8Y3J
GmS7+8UE5hfyp96cLIDEl9mM2c74hRZDpAtXaj7UwqJXappSi83fq4PLJud/xZjn
NZmT2LABBxNJCCde0GEX3rE5yZFXZkI/3CLHLpXeG81+c1I3qgX/IN+/M/YWNhO1
/S0PzjMgdRDwSb/2U0aRiA071rclvZ1Fd5ee8UgW5tsVJ361lre/oVHR9ZW8sLTo
VCx4zWPkmH5qI42SM1jij/9VTp4y5FAJ6EAAojHTVZFnekpb5dI+4AZOe7Rj8B1K
CbxF/Z2TCfUWiULM0Yr18xB18PeXex1pF8rjE3JKpA0hlWVgjjtDYyePSQugXeWl
LsDrFg1YLnOmqdeVOJP6iBUxBfinPVZeNsgNaxoMqj4nHvl3fZuWeswfapi1L2Dj
IdEhpipdliGYZ5gESj2vDqOa7honRC4FiJD2OetRoms5xGtnN6M=
=qhpD
-----END PGP SIGNATURE-----