A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must therefore be easy to find through a simple mechanism: a security.txt notice.
#
# Hi. Found a security problem?
#
# Not interested in:
#
# * Speculative reports about theoretical issues without measurable
#   real-world impact. This includes:
# * missing security HTTP headers or DNS entries
# * copy/paste from SSL labs or other scanners and automated tools
# * Social engineering
# * Self-exploitation
# * Any form of denial-of-service
#
# Being a small company, bug bounty budget is unfortunately
# somewhat limited, but if you can show a real issue like being
# able to access customer data, provide a reproducible report
# and follow common responsible disclosure procedures
# we will probably offer you a reward.

Contact: hello@info-beamer.com
Disclosure: Full
Acknowledgement: https://info-beamer.com/doc/security
This policy, crawled by Onyphe on 2026-03-01, is sorted as securitytxt.
FireBounty © 2015-2026