A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:jaco@jacokoster.nl
Expires: 2030-03-08T11:00:00.000Z
Encryption: https://keybase.io/jacokoster
Preferred-Languages: en, nl
Canonical: https://jacokoster.nl/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----
Version: Keybase OpenPGP v2.1.13
Comment: https://keybase.io/crypto

wsFcBAABCgAGBQJkCFMfAAoJEIGqI2ki9PHaaS0QALBpMSVF+PPNFncdPO2lc1io
m7/pVNO4s4NJu1BZMg7xABtzSwWY7eksohHulto7TCcoUCYp/nS7hNhsLs2Dg58v
WUQ/GCoo40XmbvGERvaePQgBO+BBiLAdskTGxyxQh0btiJiIkMyHFj5koZLC0rlk
UndQOq7CqDfUroMdDTCcDBt3jgK+fZePIqRPWgyQC/0Dyfe9+HWCCgSGR6j+aIWJ
sr+nG8Hm7y2fzzAwuAQzG5RZvhwEkFmDhLXbeCupz/w9YaoaJfc2S0zKerrr6ngb
5GaLrWzL1/cgG6RBnO3tOIIiWGuwXaColWdA9zrjK/0XRjSv159QmMiDBIKzB7Gp
FK+Izo9EfO+dsRwvOJpmtB0hb09b/xMZFOnSzQvdBU9hUJ3TkkupHCGHoZAcMJGc
wnk1z6Pq6GjstbDy59yPfwDLX/CKHGPp7zYbUZysvrbivorPfX+nwgGjLy41dCgZ
sL2kL0PSbuDBNsQC0BgPqEvEnnD63usiWyaZB3oMRsjQ2avxQMxmTdrjS06Vdgxp
d9DGnDKYMDnows7cwC4vy2ZtsSy/dZ/nuJbEEJ5+BV8B6WDK1wRC+BWa0FWWO+kQ
TWmF/pdj+mEM7F/F5FbZpalbFQybF+RitOpbZ+XGf6OckxMvoOGuIHndj8DpnpIN
4mKz0lJ4jY3icvnxBMVJ
=/K5v
-----END PGP SIGNATURE-----