A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:security@westlotto.com
Expires: 2026-09-31T20:00:00.000Z
Preferred-Languages: de, en
Canonical: https://www.westlotto.de/.well-known/security.txt
Encryption: dns:5d2d3ceb7abe552344276d47d36a8175b7aeb250a9bf0bf00e850cd2._openpgpkey.westlotto.com?type=OPENPGPKEY
-----BEGIN PGP SIGNATURE-----

iQJLBAEBCAA1FiEEpgZgtVEDg9SalpJ+DQ/G/5ScJ20FAmjo8zUXHHNlY3VyaXR5
QHdlc3Rsb3R0by5jb20ACgkQDQ/G/5ScJ2334A//SRDrsi0efu3dTrOS3G5cxYJM
d4s9eH8JY0eZ6Y2YhPOmZ3tMg/h5lV5HR/D816uh2CSyJmok4g2YxfZLiZyEbY8W
gPrna7hLn8otzoH0rw4KTtNJFWV3XW6mMfpxVGSi+2BpCwot5XLp9AOnIaBmn8sK
aAQqjGvljRD4FzRg5BlS6W3LaNqmpgs/D5HaUxa/TWZQyBXi4EGibEP/XhS6onKh
TImsFg5BhjGHq0JnvygqjqW+j9p8VNVtpKZ0feokHzde3imUMXepFDtFInGf+a4S
0qlcTsMt4DtLi8VELeI2WtaPUJkwnHzrtlP3/OhcEdGMT3U7aARGs8hNLtj2SxwM
UV6KI3/TUHc94dD4fJUuUVQMJUCG1yDb1IpfYmpF5yM5mf/Tg+n5xW730G1ph22z
GighKe5uVQscESrG/dS9I1Y7zx6k7YvvNpo0fmItQxUsTLkmSG9uQjd201xcQjZt
2SLHrc/975sNoiljTvpBmYSDEbMVkiLNe3l6oXeyi5ztprug14qfIQuvyoUMGi6/
mgH7S5nT7bcBKwNt+9RX+n6bVWJuvR4PRFlDSp0fXJ2tFy/YjnM042mS9iZz0JGm
iNiXev/h7nuUopl8j8p7fRnvQcfu3/oaUU2m4JL7emTYCpr3RDKAPBbyaSKdDABz
EEVhiFsiA9MeIvBXJTs=
=46et
-----END PGP SIGNATURE-----