A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Vulnerability reports should be sent to
Contact: mailto:productsecurity@netwrix.com

# Please encrypt reports with this OpenPGP key
# This key was also used to sign this file
Encryption: https://keybase.io/netwrix/pgp_keys.asc?fingerprint=e9408e791451ac20cc1ad5942304ffbf10db3d09

# Please submit reports in English
Preferred-Languages: en

# This file should only be trusted when located at
Canonical: https://www.policypak.com/.well-known/security.txt
Canonical: https://www.policypak.com/security.txt

# The information in this file will be next reviewed by
Expires: 2023-01-01T00:00:00.000Z
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE6UCOeRRRrCDMGtWUIwT/vxDbPQkFAmGVa2MACgkQIwT/vxDb
PQlCNg//bNaqO60ClAX/Di5x7AEDzxUwRjfdKUkf0Zy/VLImsOAOKQN4J5BQLWV5
GDOzc05VDLxjHOt74dpOQFVR3bfoikPMff8Io+nL1a5iY48ki/aUEHCOyTpz5rYu
NVRoWAdG2/HcsUb2wIuTCkAWQpjT+xU10EKUaSNrApJTdnU/ak7IPdRfSSt4YLO3
sl6rhoeIaL7t4OVpF5spKqnAAGSvFJTrl9F5/EiNIo3PbcqEp6OSe1Qm+yRtjosu
1socKgSNL8XicENn5QVqOXEfH/Js++RfoVdy4XanmRVbaktFhlixQbxS7ICiDs1+
41dGxyeSYJMb+iQlUZgoxcdHJSVXUql2UhDMKMrlM6abwkJz5vOPx7w7Jt6BT8Ia
qNbG+Aaw1ksG+WvN8Rl5Z9CISMSIL3kfw6uJB1g5vH1jX8T4w6znCTavgvArSGYw
844oP6Su3cvdQd9XOc/w/YSYNvbm5exdCu5xok5DFT+7PeeW9X/KSdJ7k3AGspEX
E2i2twVJT7VypIjN/wYsjKSbZegkvTXPrcOQBp71l33EMfn9NUxxhyNSb1EGRwcX
BETnaOUetDRQUL9K+iqjhrmblMohO2plag2swKkAezPvVj8HGaQcN5gJk7k4sH3B
lYldBJvm6s0H6AG7ED9YkjJqt9O99VPYc0WsdR5x1skr4hw38J8=
=uLF5
-----END PGP SIGNATURE-----