A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# About this website: Anyone can easily create a homepage with https://bt-web.com/
# Date created: 2026-01-10T08:20:38+09:00
Contact: mailto:rfc9116_security_txt@bt-web.com
Expires: 2026-06-09T08:20:38+09:00
Encryption: https://bt-web.com/.well-known/pgp-key_kdensha.co.jp_20260110.txt
Encryption: https://btweb-demo.com/.well-known/pgp-key_kdensha.co.jp_20260110.txt
Encryption: https://btweb-demo2.jp/.well-known/pgp-key_kdensha.co.jp_20260110.txt
Preferred-Languages: ja, en, zh
Canonical: https://kdensha.co.jp/.well-known/security.txt
# coming soon...
#Policy: Policy: https://example.com/disclosure-policy.html
#Hiring: https://example.com/jobs.html
#Acknowledgments: https://example.com/hall-of-fame.html
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEaH+7i9gGuMgoGg214MOG4r3NhF4FAmlhjUYACgkQ4MOG4r3N
hF69TRAAvZrf8gau/316AdLRHCxAoU7HA8Oem1YKysvEej30LJT3CbGLvVXwgHOu
dKtWTkPRESNr8qZ8LY9gJ0mMfapr6BCZ+VzChDTquYfXK3V0bBKYikPPQg4O26Pq
kKaPoq4C4hw3Z1KEc64u2Ew2+6QuIqA/MHFeTf49w3jXO4F1P98her0bzUxSSGLC
CiP1RYeMoOiQzJvFluqdDS6yoNL2xX1qBBP/2fdIdZG9mSgmx/iS8GIDSLI95/rR
RJOmihsTskuS8GmxJeTMzTjs0QgbepsPur/6ZQS9PceGpFKILaS3iLZkt3nNdSOe
rFCrHd8FKhmIIxvAbSciSRPyeGM0ee+2o9xYjUfwsECBCHuWX+eaiCtNLr4rWuf0
yZgCLFh2W1R8wzVXjo09EigUv7ku60eUlEaqFXFYxiKUecMSPHP/299X0cjuEKF0
n/gDzQVol0zd47O9z98IitJLSThDzlHfqbJ9Vmv9/iAX/7AYFxI2AJlacLzM1zAl
WZrBZhAp/Fyrcq5TWwm2czP0WMqzwacLe1zBR3wiFe4M/BUqe7RV0kSnwYgRn6ts
DDIsHbSInrR2ZduQ80JPTyxhLUhDpsaqNxLlGt8dRM0f3NPg0P3kITTLuQfeRbgU
y3shJffbzsUkFU1YyB2iRrF/MG3JY4wftXR2RNpN5enSawrPi+A=
=ggHi
-----END PGP SIGNATURE-----