A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:me@turleo.me
Encryption: https://turleo.me/turleo.pgp
Expires: 2030-01-01T00:00:01Z
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEDJkxO2bdhh5JzEPXx5BrLujU/iIFAmj94gUACgkQx5BrLujU
/iLWdg/7BBsOCXDbV1kFWvfnGU1q3pDYq6x9KpvCKXHmP/VgC9DyGujDTiah5lPQ
8qzSvsi37TolYWBPmfKD4fUIi+QxJBMiM4KhMe9ZL/eRmAUE0rBg33m6g5/nW5nS
sMxqLCuTQgQj3e2AeHpoj86QZVRMJGixyP5iVV8f5V8HZtFL0fkE5SWPj6PKNeYu
eNBWXl8zIFKX0j+m3MJbyJx83/ldsi9nAfG2TfQD0yhQZv6HjtQl9pkBaGHHaxQt
5EPFh1BTDhd5U7clg8ud4k0cTYasVgpvajf3hQagVPwVrj/dwxRnKb7jx0wM2JOw
oWDZxalxr8BXlGxL4ofAZalkdQhNWDkvUIJfrw5Xm+geN7oNCFSU8hquOSyOJxtj
7A5/dmWa/sDadZWgjlwnkITudja0o45yW5U3a+DH/65sWll09M30gACK55c5XBm2
Kv5NDfsz/c2cxYdxkHUNW5rIq30Zova7tKF0xFS1h/P2q+4ZS2vUtasYQ1GE5Ubz
ETs+moKcfx1ZxIoaWwtodZWOZDyQNbSxybvyknn2ZhRlVN0EOKWtvWdYGvj8jLkR
5KsOAfeIjDzqLYJzo+HMjK0CsrTd/IwMkWNRrUUzVk7HrsjmSncagYI9KdfpJHT2
lL/ckUDvb+6QAQf53rOsqgYyLHnszF6lmCwIV7QTs0qaLH1Mc14=
=WO5r
-----END PGP SIGNATURE-----