A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must therefore be easy to find, and a security.txt notice is a simple way to publish it.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# Thank you for taking the time to read my security policy. This
# applies to all of my domains and anything running on any and all
# subdomains, even if I can't put this file there for technical reasons.
Canonical: https://colincogle.name/.well-known/security.txt
Canonical: gemini://colincogle.name/.well-known/security.txt
Canonical: gopher://colincogle.name/.well-known/security.txt
Canonical: https://colincogle.com/.well-known/security.txt
Canonical: https://conference.colincogle.name/.well-known/security.txt
Canonical: https://mastodon.colincogle.name/.well-known/security.txt
Canonical: https://rhymeswithmogul.com/.well-known/security.txt
Canonical: https://useast.colincogle.name/.well-known/security.txt

# You may reach me via email or via chat.
# You MUST encrypt your reply using OpenPGP, S/MIME, or OMEMO.
# Unencrypted reports will be permanently ineligible for recognition
# or possible bug bounties.
Contact: mailto:colin@colincogle.name
Contact: xmpp:colin@colincogle.name

# My OpenPGP short key ID is CEFEEDFC. This key can be found on most
# keyservers as well as any of the links below.
Encryption: https://colincogle.name/pgp/colin@colincogle.name.asc
Encryption: gemini://colincogle.name/pgp/colin@colincogle.name.asc
Encryption: gopher://colincogle.name/downloads/pgp.txt
Encryption: gopher+tls://colincogle.name/downloads/pgp.txt
Encryption: dns:4c1001c251c1c923bca00789638afb17e908d526bf3e9975407c65d2._openpgpkey.colincogle.name.?type=OPENPGPKEY
Encryption: openpgp4fpr:3ED0663BE44765CA146AF141B9D51810CEFEEDFC

# OpenPGP is recommended, but you may use S/MIME if you prefer.
# My certificate is issued by CAcert. To avoid warnings, you may wish
# to trust their root and intermediate certificates.
Encryption: https://colincogle.name/pgp/colin@colincogle.name.cer
Encryption: gemini://colincogle.name/pgp/colin@colincogle.name.cer
Encryption: gopher+tls://colincogle.name/downloads/pgp.txt

# Please use English. I know bits and pieces of other languages,
# but not well enough to have a technical conversation.
Preferred-Languages: en

# If you have followed the directions in this file (which includes
# encrypting your emails/chats!), you can get one of the following
# rewards:
# 1. Permanent recognition in my humans.txt file.
# 2. A shout-out on social media.
# 3. Some financial compensation for your time.
# 4. For the best security researchers, I will even act as a reference
# on your CV/résumé.
Acknowledgments: https://colincogle.name/humans.txt

# This file will be regularly renewed whenever I remember.
# Even if it's expired, assume that it's still valid.
Expires: 2026-10-04T00:00:00Z
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQQ7NZ6ap/Bjr/sGU4FSrfh98PoTfwUCaQyc7QAKCRBSrfh98PoT
f32WAQDtwV2BjkwPf/VGtkTGeWbXqge/cj8oIVJBrdExT1TVYwEAh86VBnPHhNdR
I5aoQzXU59InBWZrTQVqxTBZPUIOTQA=
=zhlb
-----END PGP SIGNATURE-----
This policy, crawled by Onyphe on 2020-05-23, is sorted as securitytxt.
FireBounty © 2015-2026