A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Canonical: https://venev.com/.well-known/security.txt
Contact: mailto:hristo@venev.name
Encryption: openpgp4fpr:8f90acd84a09bea57b2a8208b3f0f129ab1e3cc0
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEb3bpRhP0rsM7JGcJ0Ms+pQ44p/YFAmNZMwAACgkQ0Ms+pQ44
p/YPCA/9El151qPZ92c0UbFPqQjakMHnIXw7dlF6E5geIWQx1Bg0HfevD34NMHbz
wcf/P0osP4sMcMcPkyJOvs/HVHD79i+6QIz100zFrLG8a6+3hJh5kBxpECXv+hAt
In2El7fx/WkMyLmiTtY42/trsnbjJWTcR8yP9hqWsTiAEFWvORCUwxOnOwG+Lbar
M+0BAnwpcv8F+5WO4tC38vMb1x8znPDh6lXfPtDumdo62ZAJfgS8TEZIzCKwmPKR
upWpKS4uI70ADSQOgJbBAJgiSVypGPyuNlaahzf/Ym0Jy7sbeJi9mlKY2SZEgfns
MYoUGEu7QzHOhaLdb6MxjcrGwyfeQZORLuq5t8euRTuXTOMcCk+wHBO/oCYta9gP
rK9CdULKMFDYbUyByMtaCLzjETKI2ekHZswdJirDx+3b1js5h1Q5ZwFegqrz9yHh
37zJDOWOZRhHc7UrGM7xw6XAmCSM+FerX8kG42XqSUypkXlr0F8/p5EWpYt2IyBm
HftAzNKlkhYQq/nF7R/P/RRYQ16528tIpEPpcZlhCwJhGgrCRnSM4QEIlT7brV0G
eaaOTHq7RkUe8olincC0qmlkEeKRqO02RdS07A5o25/0FKeKGR++aIK8+7rxicMk
8Vkyy/feM8QNlukasV70+5xHlCUmxoZN1DGcX3VPTHRqmdwEXFc=
=ixF2
-----END PGP SIGNATURE-----