A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:security@init7.net
Expires: 2026-08-04T11:00:00.000Z
Encryption: https://keys.openpgp.org/vks/v1/by-fingerprint/16C392F6D380A69CCF592BA0330EB3AD758A2A59
Preferred-Languages: en, de, fr
-----BEGIN PGP SIGNATURE-----

iQHHBAEBCgAxFiEEFsOS9tOAppzPWSugMw6zrXWKKlkFAmY6OIITHHNlY3VyaXR5
QGluaXQ3Lm5ldAAKCRAzDrOtdYoqWZRrDADIr38opN/o/taPXKmSHyeCe7LmWK/0
Vmux91A6kQd/P5FQsozdzR2Q0QzMxm0JDUOFYIHfDmpzDx20w/3Fk0ou88c0T9PW
GUSVEx9tEn2XsV2q48wauj8R/PSQ98x0qouDz0UpoDxZw8shr5jlR9THSVw4cvU2
+gjh+iuchyVWDnBVieC+d83w0BJ5OmL0UzF20FkS9/hkZGDkMQbL6YXTZan2FJI5
borhMA0ohD5/3skwjr/OlTPGkkqdTwb3L3QDrdN/xmK+Cdwd8/NIdMJF+jKZdqm+
7nAA+0k/gZ2XLwxufJhPjR34nMlC75omFu5BuCggZ3dCWnM+g6wN997w3lYTxJYj
XcOhNZlbflrgNo65g5/SpawZryg1/Kiy+64I6TwIR64FvLWdUE384dpDX2tH/uIQ
Vqdp+36aS0zzGXGG8XTdXBbWBojODqA0AQJZzBWrf2gy6001xoWVY7xtkLErb0V5
ZwmPkKfjANgszZYEX2JzChGBxqhs9DfasaY=
=UIxO
-----END PGP SIGNATURE-----