A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto: abuse@ee.is
Expires: 2024-03-04T12:34:00.000Z
Encryption: https://ee.is/cert.pem.asc
Canonical: https://ee.is/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQHABAABCgAqFiEEjtW0qW++2uex2kSyVnxD2bPxZ3MFAmQs1EwMHGFidXNlQGVl
LmlzAAoJEFZ8Q9mz8WdzVAYL/3TWMH/61982BqWBG4A62KttlcShgSYbiOwP+GB8
nMM9/5Gc1Ab5fApXL67NhVlccYkytih30k5sU+gQ1eoi/cRsLpT3quFNT5w3+eAm
n3qVr2+1Jwrl+W2EhgH7lDsatRgtsPMUt+73kjrmgHzzFY/rzcbqcpHttOiO259l
9UYdBvHAnup+UXqU1NkcN2/oWT8m1kGFQtfTddvpPoRTO2baSr8UKHyq46vo5yEu
okV/4Nu5N5HImHHEmJsiPAKQdXAsrBouXRfaGNw86eVzU8XqrXItZiO0vk8ryHM7
qgUA13/V0R7D8BK8yFEKHaRki8E6eu4lKyg9hjd+Dj/yFr31ZiOx0k543z1uDXdE
SLTyJML4IdSg5h7t9ck6R/x8Ynz5+id44OxnKUh8X5codIOwX9Bvo29ZcMHbLnpJ
of/+AZhcvPXoZPx9tZH/AaayMN1mADYQdEzotlhUyt9ULafhjwqp4WQiTJXHkd53
Ge8km4hcxv3/06A4eH0t4hIZvQ==
=glcg
-----END PGP SIGNATURE-----