A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:andrew.norman@gmail.com
Expires: 2027-01-09T12:00:00.000Z
Encryption: opengpg4fpr:174EFE2C9CBFD125A90CD4C0428A9C835465A80D
Preferred-Languages: en
Canonical: https://andrewnorman.uk/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEF07+LJy/0SWpDNTAQoqcg1RlqA0FAmHa8E4ACgkQQoqcg1Rl
qA0KcA//dl3w/DY95uhAr8L98lf5q/QPlvx0YuK6+LuGM2JbolPhgr9doJgeBrmO
hH4pmjB/NBuNVN6cU9DS/yYbe5xcHNDFl1cD2tEFu1RFwbwduSrVBwFdpD84bprO
b8GlclOCIiA9pEJx8sG227P2iHg6YQMXLrozPmhXhKJLrzo4F502t8DEUakvM2lX
bpRTgs+bpHTQnYHjV9MTfDE0yLKaxiH2JjVSTWmNL7VLM/TUdn5bUx9vQG1PZ0r9
mGlEseW09AGrJlw+/3qeDNspStvLpmQvk5x813zXFgp6Djq6NfkS4gsVdTUFQhp2
mw85EGN/khIakCqaiCr5tYTkdafUQ+YLElomooklVXSJcd17rDxGCui3AQzCYciG
omfA62RNApuQRjAcYQi4tlOoQEERpJ91cb4yixxB8EdRlhPACj9r/DPPWACYmO7c
b4He4+KkW5dQ4DCGs0LWzKRUaCnjjl6FmGutXxslARXeX3xdk9Rxun3EZH23kSRW
664g6roawQZqvCB/J+o5KJyCJB33JabS1e16sQ/VKrfRbhWKLpbGyl5PdicajIrc
bcp8mcYQb8EbWLsxSUGPdHDIb3XN6yVt10o3H0mEoa91G9U+3ljI5oMsjioRDkJI
CfKUQnueDOaAGobai2OWhPQsJrYCWHHlf5/MKTOzB7Oj7e+3CFQ=
=6j8h
-----END PGP SIGNATURE-----