A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:security@idnow.io
Expires: 2035-02-04T14:00:00.000Z
Encryption: https://www.idnow.io/security.idnow.io.asc
Preferred-Languages: en,de,fr
Canonical: https://www.idnow.io/.well-known/security.txt
Policy: https://www.idnow.io/vulnerability_disclosure_policy.pdf

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEzZBIVOtHaDnRU65LdSVA4cPX6YUFAmfhWxYACgkQdSVA4cPX
6YXUdBAAiby6wVvNyNRW7ybCLYx/ibxljbzIme3FdvpPRyWhFwSYZaTbTKTwBYWS
dI4+HOwEGh3GHft+RFg0pivdLmaQh0z0kOJrwFO2sbM+x83SwrI7a9Uabj1qieA2
rBfd/ECrNODfZhALXBQsBT1tK3MuY1fXz0FekAVfb83ETNm/xook+AIq1li1NZ2c
hAsBLNceTcxNrIbhBq7NbolCF+W2jnd4WOUInlgzcG+ev1DZPiZghjCekgeH7dwT
zyh0t82gjXt9esb5gUaeB3VK66o7zedPdLBofby68boUGamEUp7zhsBbNyYH8e+1
6q54zJSezYgMuPqo/l7GpJtXHbMLmvVYNwC1qIrngYLibH9+q9qNBlGVmF7Gri9X
DCK8gCghCIM074Mms007/O3iqME9e8gH+OlKts9rroSo7c028PzK9w3tm0ueLTgz
i59SfRGAIzgSHS0Tz62ehO5TgYE8HW9tTLfFnXi5KtFUxAZmgmoHbmpSQqLzHlAE
VHlws29RbBoHMo+FOEEXQ7IJXo3Sght4DO6OTvHL7V3ba9FJV4wowCwITzVdzyr8
koVLTzpQwjU3fNIQocCs4V6WyqGpJUpRQ3UmWlyp9+FeeIpSHr+lAaYaexEcpM5Y
6i1FVofXGq7KSRxH8nY1MtUcohzkMQI1vDBBTHELBOgcwRDmE10=
=dNEX
-----END PGP SIGNATURE-----