A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:security@ivarch.com
Expires: 2005-07-26T23:00:00.000Z
Encryption: https://www.ivarch.com/personal/public-key.txt
Preferred-Languages: en
Canonical: https://www.ivarch.com/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEQme0+Q8meKESFpvWHR73WBtF6aAFAmb5VzUACgkQHR73WBtF
6aD3LwwAnH/Ic37i3yYkOMRnjKDD0B8ncUhNdmKOPeirsMMMvHRw+3BCbRJt2L1N
KQ9XKLVTrjustK/1fyvxCGLhqZKPNjJPIvBTQ6PFqouYZHLqm77o5LiSLWUNHalR
MeAHXx1nREo9uZ6EQXKqJUdtdu+BW6dRFGx3Q6/3isMwVKBAqXiLag7F3gnpHM5/
gOYzb9rxW5cbbBUNNvAqRhUGkB6OsA5RtLGeRFRchNFDN/EofeaWrL4ubqQAxsBe
60DAjSyUGQNXFpPmbv8mJPh+yThMHcWPgj8G+yq6i9FuCOFaqTY5V4b4f3eGOMv6
EKnEsfWW13EfCenV6tutb4CTw+xeikGW3fW2x61YsnMbFWNqpM4E1d4s/vfCFHDJ
00NzM7zwp5Ds9kkFM4Rm3dwlx4EcP4oVUXG88hX3A/g+21qyo6FKYtvzLsge5d7E
jVa8z4N4fXFmMgAyA53t5RM8/3HkP+tJJa1T7UJV8ITex72ZbAuS5u9m51c5+Al9
4rNFZHNu
=iirf
-----END PGP SIGNATURE-----