A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:security@xx.vu
Expires: 2025-06-20T22:00:00.000Z
Encryption: https://xx.vu/alexander.huemer@xx.vu.gpg
Canonical: https://xx.vu/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUxc0oLNIQMV3eZ7CkIghWhNmZqUFAmabo/0ACgkQkIghWhNm
ZqUsgRAAlCfTWc0sFG3Pal26Ra5VEiJNy0f33oBDvIx5Xt2/rQZ2izH+hHeFml0E
ob1zxhgDQmGr09ZzhXGodUcp88wiIBDAkkJL7Rs5wE2nP00oH0CQ5s9SrtWsKnTw
pJLU+0GIkIDp3x21oKmdmjRCnSb8B1u6SVLroGXHT3PEowLZgerHhDS+VPw+4Vub
vHDUrFnf5l5e1YuiJ2hK3x4tgtYLb4bMjo/gYfUYK4N7OMI6F07SL428Hf2gZBrg
L3MuprFDjnWpvYz1d10qyfxUWPPmr0geaY+i+kpwDZgLuBKAUWbuoLod4Z+kyOiC
SAuu4jAfMFXQ/CgR0PLgnw19P4TADXCvft/uPgDq7CrmAZ2UVPs5f1LTLYbSkP/Q
7yRTDxZacdkdRejCbAbt92QWPXPtEFqO88I4jjTwyyOsOqDBVZRtHE226gD9jE4+
INNCrp/HYGFwK4RuQJ9tiXw1V6YAeWjC8k9TN/fiVHyLYnmtQZ9s7wSbl/XIqvM2
wtFyKifbXyd5vYd2GUgJFbthYApNxPllWX1MBaRfPJJWRoTpdmaoOBzL9qihm5B1
xLDQdfWBPFAAd+8gRSnVUJihcMcFKc9IA3S4qyxjaJPgt8e8/GPN0wb3peqZgt0A
dc60+GALmxvQ9PLYqtbBYH3LSuc2VodaJe4ddFo1BmoOOGjO8W8=
=mJll
-----END PGP SIGNATURE-----