A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: https://www.nlnetlabs.nl/security-report/
Expires: 2032-11-30T23:00:00.000Z
Canonical: https://www.nlnetlabs.nl/.well-known/security.txt
Policy: https://www.nlnetlabs.nl/security-report/
-----BEGIN PGP SIGNATURE-----

iQHKBAEBCgA0FiEEIxAYaQxNkD70GRRqoUQyPeqs30UFAmk4BB8WHHJlbGVhc2Vz
QG5sbmV0bGFicy5ubAAKCRChRDI96qzfRRU9C/48WzEHzrLtvjTV2F3KccnIVFit
boluau9oJgKzUdKl5JZvCUqbiaAO6OPe7D7bdtip/pW9WfOXBWNt6G43y8slQYrW
JA8XvXKgHX3U3AACF/lFJNWsddnEv8M2pVZj7nbZvYqWvGonAgMxWTYpiiff4X9z
N8aGfd6zQpMVblqVwWbImmE3r4PEF49IfLlDDovUMWoJK2FiKLwxUMAfSXupnd+D
xiyBKLXAGiF3sls7t134K1sVZ13t0yOxNIBJdpC7KRLDOf6dQAsA5m3UtQNrurkw
Om14Hw09CYeC23D5tDYpTIXs9Q53Oy6IAWt0HA4rFS1/dq3OBy/v4sIYTNcBR+gT
tlZA0NV3/6awJhaDIky8vmA8RildX1QcEkHam+A8hD4rDf5OcepNbGfAeXNPv5Xe
UcMc+BmDxOGXgATQr4NXxIE8H1OwtMJWftUdNbp2IyOvxAfohxjxnc1g5Mt0hfw/
xUtt0BMOdVr+KM462Pm1dryASD1XgKrbBhc5hoM=
=9cJB
-----END PGP SIGNATURE-----