A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# Contact information should never have a logical e-mail address. That's how you invite spammers.
Contact: https://www.s-config.com/contact/
# PGP public key? Sure I guess.
Encryption: https://www.s-config.com/.well-known/pubkey.txt
# If I get legit security contacts. I'll make a separate page. Until then!
Acknowledgements: https://www.s-config.com/gift/
# I might expand on the policy later.
Policy: https://www.s-config.com/faq/
#security is where i'm supposed to tell people what my practises are. 
Security: https://www.s-config.com/privacy-notice/
# Signature if you insist.
signature: https://www.s-config.com/.well-known/security.txt.sig