A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# About this website: Anyone can easily create a homepage with https://bt-web.com/
# Date created: 2023-09-10T08:20:31+09:00
Contact: mailto:rfc9116_security_txt@bt-web.com
Expires: 2024-02-07T08:20:31+09:00
Encryption: https://bt-web.com/.well-known/pgp-key_btweb-demo2.jp_20230910.txt
Encryption: https://btweb-demo.com/.well-known/pgp-key_btweb-demo2.jp_20230910.txt
Encryption: https://btweb-demo2.jp/.well-known/pgp-key_btweb-demo2.jp_20230910.txt
Preferred-Languages: ja, en, zh
Canonical: https://btweb-demo2.jp/.well-known/security.txt
# coming soon...
#Policy: Policy: https://example.com/disclosure-policy.html
#Hiring: https://example.com/jobs.html
#Acknowledgments: https://example.com/hall-of-fame.html
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEErEOZBOfY5fBxUCI4rMTHrSjkFzAFAmT8/b8ACgkQrMTHrSjk
FzAqwRAAizY8Jb8T+qmFkVxo3XA0LCF1CutIAhBaGz/T9wyjDreacTLWtqqzJeni
T6vaD9O4kulwaUwBAXcnYrc6iWzgJtmBU6uiOoDZWph3yWxFp7fMC/ubgwbV/+Xf
KzW11M84Uh0+OlUYtM5LQxP9yr1UETEcklUl0dnGmQq9pliNwOkDeF4SztJV3uvl
M61/3dmzjSX6ZM33AezewuzbzACeBVkeMpE1/NnPh/xNy/zyRYeHOCtmOqe9DDlL
RO3m5aBcIVRZCyrMUQN2F9Yfzk6+59xQheJ6g41j+bdS/WLtu0ik5aqtQM4TTHEP
jDBhZjSIFrBySpKV290WXdu9p/dWzUFZcSr+BB3og/Jj1A+2CBZ4sEL0t2CwFpBZ
/W6hRVv2Q0ePbKjAOSN4wBt4NFTEVfPRbO4gKxOJTuIEQKozWHBjWUC6QU0bDb/n
oX+WVtNO60ATDBLxmS/1uQWt4JBA7+QWDBzNV3wOJiLp3CoaSp/UFjBV1IMc6CYk
+bgZhFnrtYpHt3+PCs34x5POGOyumnNW/bjEwXQ1WnKZvVX+qOL5Xl+LWBCj3gmM
+RA/RXYwZ0b3V2gAehZk1uQdGM89542IaEA5GOqN5ko9RZ/gqyOTyBs7fUnlde8/
/uYK6IFRfMuiItjORwc0HiXlPKnquwdDLJmex0q8njGPRHjfkyw=
=/6gw
-----END PGP SIGNATURE-----