A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: https://krottmayer.com/security.html
Encryption: https://krottmayer.com/security-gnugp-key.txt
Acknowledgments: https://krottmayer.com/hall-of-fame.html
Preferred-Languages: en,de
Canonical: https://krottmayer.com/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQFMBAEBCAA2FiEELZHwE29L8Wl1O2ncMqd9fvotRZIFAl3Wvg8YHHNlY3VyaXR5
QGtyb3R0bWF5ZXIuY29tAAoJEDKnfX76LUWSl5IH/ioeQR1a2bLtKdgQSW/WEx2J
zQgzSkRU6aAHmbdKspWRhUlvDefHSeTnqa8bgfamm9skE4A8rzcfoD6R6/wLGLgN
zGN25eI9vPiDNbChWa5WLMUUlDePs3rKhD0V69rG62PfOg1b2UJ1TrlqyDvyMMRc
K6jq9SSAGkL7fQYydv0wdLEonyw1hbaisj6adwLI2GAXcPMd/P1eKwUasRfN4ZjP
LLdBDwB5G+s266MII2HrSHkiLRSHBFJlwDPpcN7BuvZtvV3pOfwoKgehE9A1Pa3Q
Dbkh5ZovDaNgzFbCKmLW2BILwqyNzoioBA/XUxHfUVkcUO2p+oN/9vltP2EJT10=
=AFfQ
-----END PGP SIGNATURE-----