A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:security@rescuetime.com
Expires: 2026-10-07T02:30:00.000Z
Encryption: openpgp4fpr:202A532A100C5C67A6B894ADF3D473B4747129A8
Acknowledgments: https://www.rescuetime.com/security-acknowledgements.txt
Preferred-Languages: en
Canonical: https://www.rescuetime.com/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEmhZ3Zcq9ZEmq2WB1VclqfLSY3qIFAmjlBAIACgkQVclqfLSY
3qKN6A/7BHFIwbiKa7+XqBnlLFx35ViYR2paoTJGDcFKJs2v//UyMPzNwAqGcg3R
0EEl+VxdxAUkBNyypMRsVlR/kZjnD4/cB3iSVCe2P1B29gygGygASzUqnkr2FFU+
InMbswMEPPLZv4QtK6Gb1xx4Voh5LuEfw9TIVyvhQPHdwqYxXX/eovOJObvRGFoz
1sIG7nirmvOJIBkcPpP0309vA5mvrW1msZtlLBy52vgSh0AwajlFoLetTCQh6O8F
cY7dMj+bbPWAToSwAkVSAsinldy/bRDlWlzA8Kg4/D0IQzg51kA+V5+q1uL8zelG
n6+s2ibzN54psNkODcOHy3Kiw0NbT0pJLifmeaVudrwmi6FCeHjXrfed6u8AfwgC
Ba4wKZ4vSClKtlLMo+/A9lFLpyhivKJolQrvTCgwtlbKnuHuxRnQvH4cm8BBt856
vxUIBtfk3/SG1rieBZqbNSeRPmFtZ0136wpowredFCw/3Hl1il+tySDq2Pa2j28w
2mFEXF0YkHPOvOn3e26gflQvEJw2zo6sQiE0K0yotsYlGzhOjDVm4gX2vui29sG4
G9xwexehaS/LHrVjLE/nW6mUiVMsT8Kc6HSUnmpg7/uImXrZCMgexJoBXkC2S7Du
7bzTqpEGAFQdlLpioRmtydpG3U/6ESQloMSHDKoZ6fTSLZYnSA4=
=pCPr
-----END PGP SIGNATURE-----