A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Canonical URI
Canonical: https://www.defesa.gov.br/.well-known/security.txt

# Our security address
Contact: mailto:abuse@defesa.gov.br

# Our OpenPGP key
Encryption: https://www.gov.br/defesa/pt-br/canais_atendimento/comunicacao-de-incidentes-de-rede/etir-acmd_pgp_public.asc

# Our security policy
Policy: https://www.gov.br/defesa/pt-br/arquivos/legislacao/posin-md-2022.pdf

Expires: 2026-06-03T11:01:00-03:00
-----BEGIN PGP SIGNATURE-----

iQGyBAEBCAAdFiEEPcTzU4rhwBXF1AykXqJWR15j7aIFAmg/B+EACgkQXqJWR15j
7aIKcgv3XulZWG/Mghcb2ld/7W5WierdHsTayXxONQR7wi8aIUEMiB9z0Wl6fcc3
I/AAUKQz4pZEpHzr2Vhuy8iKAO3fq9mbEOFKYQqmY2D6EH8dnW8pr96QaHK06bDu
oonaYYCRzYSvqVKX/7GGZMNMKU1e7qoovjXtCDB83wW6QM0LtXRTGH+oCXhvGBaK
C4GIkI3RILDbNero2U8yesmfwY8X4ZbzJBrbj6zARR2ZOBNPeKSCiEchhIwlKa+5
FI7N2uEi/DnIuX4ryi8L8C2S2R27nuWJVDBjI5Gf2Jc0czvWPNg+opOyO2H1y7LG
1SNkBIDgWFTwIrMKgdWvQUlrIWeCI5me3FZBtiPXL+QR9JHQmbkdFBzCc9Xs7QtU
GHdJqjpDk1P1iqFXxyZQRauAyLOWKqVV8GDSDU+aeRZyuumTP422E828Ww85yWFU
CyerJ6emkiLzwa/TyBWlScAy352bi+E1VUO7lwDXBZtAcWmoem/TEhpNZ/FpRMZU
66d+QG4=
=2cjD
-----END PGP SIGNATURE-----