A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:security@secuso.org
Expires: 2023-12-31T22:59:00.000Z
Encryption: https://secuso.org/.well-known/security-gpg-key.asc
Preferred-Languages: en, de
Canonical: https://secuso.org/.well-known/security.txt
Hiring: https://secuso.aifb.kit.edu/english/Job_Offers.php
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcULToujNsX5ZdyJm3fptH3KltQIFAmNQQCAACgkQ3fptH3Kl
tQKqBg/5Ad94paK31QwMu+/6brnTkj1xcpykzLUv3oIX7teD9rMlRQWpfZ0aYTq7
GmaTKbA01EXs4ot0b2tBJETDd8RXyJPYIq6lB6zzmAydZAQ7N9Dro/tUr5q0cVeE
fV3QBFS2+8iLnxdo0wyrSb2j8Bn/dxummASkps1LNcbQKjEKyHi9bZ3E3ZW0raqs
TAUi63tGMysd4W/Z7K1fDAONtYnHMcuAjp5o0hOb4FgFX26zmNfR4ikM/WTAqk/P
5rSzonNeGQ1ExXonlJs2BeMNvmZfofp6VjSO+A9vfqwYMSOKvOK8vnH1Xw+MU62C
auzLnN2iRDvPT7rbSXpGnF+8/VqoKzQ/zpdj5vCnSLaGe8LL1brfEBDApWc9HtCV
JETjO0SWpznuUSFOgIYgmJ5mdztDvm/+XKx+zBBnUbdg5h9jJCuI6H7Pv0wnl5ZM
i/UvgsDp5VNep3v7B9637EaDn76DMcztOmLPdE8gV5Cxh9xBO9VqX18mZ8NNmDVK
aDBMZLV4GH4Xr9syLs/c92lDOvUdGdIbr+EXvckKgeJ+bltz5kTMs4mZOobugngi
RL2aBeuru6dKOr+aPMt3Iue6AGB1hdGcYq0HSA3vDALEl4R3Acm1VdZuI1NcS44X
lYuRGmH5nXHZmNUZpAzW4eW6TiYo6Zhm7IjkVwd0U7LtjjneYkM=
=sR1W
-----END PGP SIGNATURE-----