A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:surfing@tommi.space
Expires: 2023-12-31T22:59:00.000Z
Encryption: https://mail-api.proton.me/pks/lookup?op=get&search=surfing@tommi.space
Preferred-Languages: it, en, fr
Canonical: https://tommi.space/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEnSEjdxO0hI0yEk4r5OSWj6PmTWAFAmOVtYcACgkQ5OSWj6Pm
TWCtxhAApUfJVntGEmgPqGE7HJ30odXKJpE1imiunB89t7UwwZo48KXy8ktdsW3k
Gv/a3aG/Iy+JS4S8rXrKAZfChZK/CsY5eNXMw/oEe44DaJYENn3GZhrNl2sMAWiM
bqIThxgP6BVSWCWjKS9QiU+1JiCyeVZcV2VBeXYf7kVmJ2OmvuanvZ/7gXh6H7Vq
uIxDK8p/nN9hCHV0XbnaJfrPG+KGNjbm8NrtFJGbJvpFGHLFzN0I5iJeQgT2DPSb
1Dw3zDRc0F/hyGf+Lwuv8tRYs0zQw9y5BoXPInBvznrZuPe/Y0mk17Buk+BZbQhS
pEMQ9FyjoNCpoAlp1n5bHKs5ZvkMdIwNhahrq2R7U8WW9ahENVaxFDUYoqznl1lr
MiGE72lfJH7L+EKkWPGvX+9J356gWxpgWXi3KmuZoFQvK7yOwi5nDqt0QfiCOIMp
5ugIJu9WbYRUj51q3iqNr0zB47rW7w/hwSwh3DLItzie31GNU7YP8qvQxMWKnAZz
n26axv8HzE5wq4Yo/noid9UxBKzNLXPWTYnD/WPwXSReVBTd2p/1UAG90m0m2skb
TgRozvFBfrshmPXmrPD9ly7gR+D5mazDZn1J6TVB3KCfmfDSKfFpNY0yeZo4WyBv
XrfwFVbymSXFJ0/SirUOCy2GkTOxVy1m6eOnbAc3Bu8kBO8DLk0=
=ryZ8
-----END PGP SIGNATURE-----