A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256



Contact: mailto:bcycleIT@bicycletransit.com

Expires: 2028-10-17T05:00:00.000Z

Encryption: https://www.bcycle.com/.well-known/security-key.txt

Hiring: https://www.bicycletransit.com/about/jobs/

-----BEGIN PGP SIGNATURE-----



iQJSBAEBCAA8FiEE4mUOy5bkyTW2oHyx+nYIyJr7Kw8FAmcRHxIeHGNhbGV4YW5k

ZXJAYmljeWNsZXRyYW5zaXQuY29tAAoJEPp2CMia+ysPmbUP/2O8xRlHFEx4fJws

kF2JGf7I8iT7XtD/mdhXK8y6Agw8EHtdfU+7c+A0rX2KqmzyEoATaoM/vt3x1OEr

U62ETrGtJzF2X1AeXyAIrjKDzYtT9LT0lOjoOWaR+pDzMw1iOj1xJHW07rMq1/h8

IggnoXBDvYGWzTsV5ynhoF7kVc1jCWgOjm6DgHHbqtbBr3T8LW+bSIncukBGskYg

XHxWdjw8a3D/XEsoZJOgQ+1u6iqbM0iTrcFwPRE5Tjqzw9Nx8n7j1CMhlL9fTbnT

+XrItr/n+o07EJlWoHBaioYX329yWzHpDil7k32Xn2TqtVWnHqvM66CUCoii4++i

dF5D96XHT4Z9l5D1FKcK+Km9ucGXHWdi/5CncT0hrxyLYYB1iR9MwtOhqgVcosSZ

OmhhxNx2HLq2vs51FppI8An0bX/dcmPxsDTaaW3iWj4/4pkNbPiwD5Ydy6etCZFs

u/zxB1EPMjG+3UjQNUEO/KpiIGOOE2MjRsnCvQQEGP+mHjJ5xqIUYdmWaM//5tz5

wfF02q6sHKJ8zPGsFjwZiz5KnlTE1uxcph93iZEsFKG0CldB2exnNDjepVZ2btES

5OwrAdz5ZWe98IlESq9lN8DFDsktr3CYWd0qmQ52ZMtl9C5MJDmrBx4DNWO/TP5y

+UdLNUUdmxmWjWWJ1fXbbyUs7qAN

=ThB1

-----END PGP SIGNATURE-----