A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: tom@nocoolnametom.com
Encryption: https://nocoolnametom.keybase.pub/pgp_keys.asc
Preferred-Languages: English
Canonical: https://nocoolnametom.com/.well-known/security.txt
Hiring: https://tomdoggett.net/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEUnmEPHPrgCn59q8OxCUtVnejGcoFAl4/Ab8ACgkQxCUtVnej
Gcq5KhAAkTNB8enVHLc+DmGP0xWetY2zMkD5A/BsoQKCYFk2ItRVBKvbUbxn8iO6
8CtKOdFZqZBL/4rJn7pu7fTwWzN1S22Kq5EBjV64BteK6Q4TMqYMkn4+noNxaHRK
QDaYrdqVx65Ijso0eA5bksuRw0f50hXq0Qv4UMsUuDk2HLvjko7Zge9vh05e8YcO
VTOSPAqpevVMPjjmU4ohQdnB1iVnXC/J9v3r9rL+QGPy/jbbbcKAzsCzxUeiP31j
Gtf/bTyoxJ4vlcmr+6VafT1pvPlDiXu3NEUUUsTo90q9RMpgsI57U59A8VrPNjfj
63ciP/2ytOcODJHwfYN5D5pPoJMZT5Qkzm0DeHJk042AqJ4n07puP3neybxUvfdp
fxL/KspDCn9QrERmoNFtMRBdxKu1MwSAVWRLt0DIN1a7ZzcrT6YPIy8YFHqXo7Wr
hkh1vVWiUOl0OZFJ2lamTwYdYbjyFybyzjffCtcnTswr7Xorc0HRXgAomDEHb7/W
9jJ9DRfL+p3hMBwI/9/O3B04CEPmFa6N1Khe8u8GPsmXgU1/bYMQ5rYxZlLlNO3V
Wj3um7N9rBt0w6fGT9msEGCv5FWDz8TerRGqdzMYrjgu/Z3y/7cxruaRFGpvy57h
sQbc29jVc1oUH5hqz5tnokhz5l32yfaPQFhrYTSIsDbPhmTLElg=
=G3rJ
-----END PGP SIGNATURE-----