A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:so@notonpaper.nl
Expires: 2028-03-09T23:00:00.000Z
Canonical: https://www.smeva.com/.well-known/security.txt
Encryption: https://www.smeva.com/gpg.asc

-----BEGIN PGP SIGNATURE-----

iQHLBAABCgA1FiEETIM6wQgAmqoPbvsnlsYNHruOH8kFAmRCQ4gXHGhvc3RpbmdA
bm90b25wYXBlci5jb20ACgkQlsYNHruOH8l+KgwAmogh9IhHr0tfOyUZ6djd1jew
bYa8lrK/dXB6A1WAEHI8NLK9yKJYgICYTP8Kh393gqiavPIKi0aW5Xqd94OAnkGj
KG/B6IUgAn3GBisCQ4ABJdPOzn7DSQwjfHGvey80J4Rvac+rpQ0dlyFddg9bDTms
+0yf6WJCTtHexwH4JLH8btYsX4+U8vm2RwoW8t0L1hyJZBvajy46NuN6uzxrAZz7
2LhL76+raE6D35OjQ+JEqSusl2VGdf+0x6O70tuACaesBllws+CaYTGfXH2G7Vjp
+yvMV/FIgIwt8k11tiHkFY0i6Ggzc2hDTQL9AGIQBTmZ/Vy0JtIpMZj68I2jk1cx
7gUYPXCjApB7SPbuv8BO2l9nv795J/bYehKZ+otmnTWdM9zCNFWXWKOUIHFwMzDT
LIMEuPHKu1+nu06U59q+PzVPH5nCebp2Xw6y6A+89cMhiffInaED/9JcEdEIwciP
rCbZSeIcYFtn9CmXlCtOIryDuMFmTVtHv/yzz5K5
=/q2I
-----END PGP SIGNATURE-----