A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# Security.txt
Contact: mailto:security@castralabs.com
Canonical: https://castralabs.com/.well-known/security.txt
Preferred-Languages: en-us

## Report Abuse
Contact: mailto:abuse@castralabs.com
URL: https://castralabs.com/contact/

### Acknowledgements
* Security.txt: https://securitytxt.org
* RFC Editor: https://www.rfc-editor.org/rfc/rfc9116
* IETF RFC: https://datatracker.ietf.org/doc/rfc9116/
* CISA BOD 20-01: https://cyber.dhs.gov/bod/20-01/#can-we-use-a-securitytxt-file