A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:developer@l3montree.com
Expires: 2023-12-31T23:00:00.000Z
Encryption: https://l3montree.com/developer@l3montree.com-0xA71508222B6168D5-pub.asc
Preferred-Languages: en, de
Canonical: https://l3montree.com/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQJMBAEBCAA2FiEEg2Cvc8K1bPr9yFM3pxUIIithaNUFAmM/9LoYHGRldmVsb3Bl
ckBsM21vbnRyZWUuY29tAAoJEKcVCCIrYWjVR54QAJCcj1y74YrzVtIx5MxLnoIV
aqc7WS9ROsKElG+VHLFf0o8HFE0GU53IxzpuYO/9FYkM/X4UXWiPE2ZuD6oc3m+s
pOY3RQEdvyzoTr7lN3F42oy7R7Wsk3sbjOWJSNmR2YP9QfwE1NxtDIHDbEHYsX4y
hsBU1w/wzSz3Qh9FFOWxxQ5tolwzqEjW9WtJQyn5CLR/CyvMHGyTMK7FJBAGAmmY
Pr21Za5GWzrcIL2KbN9pCrRCrjLddBLvlyjf38GvUdDJDzkTLGydg2agT2UJW5XW
wUHs7oZ3DnVphHgfKmVEOX9OAHY/eZFjCeH0fhtqLD+6UtX+Fq6X15kSeMUPZaA+
VA/OVIKQBtOgdgWo885W49rjI87Km96fxtS6xXLGspXq6PEEord6YUCzN2vcrKzL
oZaNfzpGkjriZoMkYn+Hmpe/Xvl3BZLZhUNasv8PrC6HaJITM54QTOBG4W48NAJI
nEelC/569G6oIKuuAYgXDPuBpLxkV8ifw4rVnNK7BliUSjv4DjKwzG6k7E9wnHj+
TeMOdT9IGjxFUXDY5UGun4JZ8etBYO0kfkpE2XQUtrDtgvPHrfa4P1Z33FT7iQSR
JCYvde648fwmsDl869z+fYwjU8TUZzdRJ2bmBKiyahUYdMgu82G2tLnw8Ymdw4CK
B0PoNZ68phQl+iCmFbjf
=z37H
-----END PGP SIGNATURE-----