A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:pkuanvil@proton.me
Expires: 2028-03-12T16:00:00.000Z
Encryption: https://www.pkuanvil.com/assets/uploads/system/pkuanvil-security-report-gpg.txt
Preferred-Languages: en, zh-CN
Canonical: https://www.pkuanvil.com/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQR90fqzpQmB4N4/eEIpmkAwrTsNSQUCZA4W4AAKCRApmkAwrTsN
SbKEAQCQmXZJN+Ypp+z6OMhzmxihr2v0YqSE5QXnIQjbmKEW0wD/TPPF+44gZNKY
chPW9+2cKeT6Fl/rCIT2B6BpVC2Uyws=
=zRg8
-----END PGP SIGNATURE-----