A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Canonical:  https://colincogle.name/.well-known/security.txt
Expires:    2022-11-24T06:13:47.000Z

# Email is best.  All three encryption directives point to the same key.
Contact:    mailto:colin@colincogle.name
Encryption: https://colincogle.name/pgp/colin@colincogle.name.asc
Encryption: dns:4c1001c251c1c923bca00789638afb17e908d526bf3e9975407c65d2._openpgpkey.colincogle.name.?type=OPENPGPKEY
Encryption: openpgp4fpr:07E884C70EA50F815CCC7CD754D7834DDB6C364C

Preferred-Languages: en

Acknowledgments: https://colincogle.name/humans.txt
 
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQQ7NZ6ap/Bjr/sGU4FSrfh98PoTfwUCYZ4gaAAKCRBSrfh98PoT
f6CQAPsH1qlpkIQZOR0CxU96qtSykdqS38SblvRnR9Iki+WjvQD/X6uhcxDakjIU
5DWlUCSWjPu33DjSikkYyF+8uNnDago=
=HKSa
-----END PGP SIGNATURE-----