A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:website@watershed.co.uk
Expires: 2026-02-20T08:00:00.000Z
Encryption: https://watershed.co.uk/pgp-key.txt
Preferred-Languages: en
Canonical: https://watershed.co.uk/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQJMBAEBCAA2FiEEbDz3hHa9/zLWi3pUmVogq4Hg8zQFAmfBhYsYHHdlYnNpdGVA
d2F0ZXJzaGVkLmNvLnVrAAoJEJlaIKuB4PM0lJsQAKCQcYo5mu7ugfMuoT3tgM7T
utQQJP5Rpak5lhHfh6v5wLX/Z/or46vSYsbfzaWFwaiqXtF+xzslW8zMSohIsl4n
2M36XzTIhg/XeFGA4MXwbOi+nOJfkUc2pGPVKjaZd2DfCxR2gYHCvo69KcyY9G3Y
jEEWwx42QDBjFaVAwhlfcnucEQSvfiExdO8LuUn9OPKA2QB0uhbhcmjU46ReGg2r
ER+qom2WKT7BW2eCjg+Gmsa4RnZqmOb9IsSOxBhWPwCmqrG4JsoDSKffQ7QqSfBh
6HGnfm8YqwdisNztCKO6It1uN+Df2rnVXJLslgve/8HM9H1tMGH0VMnesr76tVG2
ViDX9JnucfNbQWptNwqmuQModHS0CIPGKkmNEydlGolsEwS/OdspNSrPTqGxnf1f
yrMDmD0Zb9Lm2Euck2bVz235BV95gjsu10dRij7UQ9JW+9c3utmOqiuQIqsAqOwW
UZwM7SjZZgIWFc9gco/kBljeN23tlvjvySLrkNtD2wPlr2NBrqVg8mAvSepTn+ws
eaMC3uEqNBKUYV6xW5ntON+XdbeP3LJJEjz5+H7L33zziBt8krkGrwiSa69BPrGz
sovBrdqDGWEIZHP3E8wS8EttMBtyVm6Vpuhd7ZKlBCn65KnXutDM1pGv0PN0qLBh
SkiK3fm7uMzRKTy9GKY/
=ZgUB
-----END PGP SIGNATURE-----