A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:frank@vboekel.nl
Expires: 2032-04-29T22:00:00.000Z
Encryption: https://vboekel.nl/pgp-key.txt
Preferred-Languages: en, nl, de
Canonical: https://vboekel.nl/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEECnTadpwvBO/cecnG2eSEQsnqElkFAmJxRRoACgkQ2eSEQsnq
Elkk9g//We7bYRXjw/chStiLSEN9wJLVFHa76jH5s/SuNruTCaMYpkCy1RR47XWm
KP4b3iSexHWV6TBpNWMQTZWJ6dYycQfISfhIqtoISvG8Ovly3NdWagT2MKVQrvhC
BGjzvokToWD473xOupumdqNbJ3Y1bdLhEeX8rnA3xQXqUzMcFA5UZ1v6QD/+fiaS
HkBVvV8tjA4FDQlJeC+UqUgTVarw4FumfHqmeIzkGeDsvsFqNmY5hu1eJS7DLEp8
NuKUe8egXa75ZINS0c1Z7PpeBT29obsv+CyeUYV1OtUTWamGX/5eTdRBOBCsxfwR
BGPOtSTjaVFiKmyxo0EBmWI8pBQlwuNHMqZnYpcrhL1OruXD5EaCWgqxpk+zxGn9
8WS//RBUEHSC2eU+VsmrLZRJAvTV++0rKaevPy+2sVJEgnpKEEHSiGhJFzzuQqNm
aOlman1VxHHnToRY74wLLIz5x0pe7v1dtpKqrxIydhuJV4gCS1SJFHOEM8zM6hZV
KM4YKh39fPzmZ/g5lZrRLCaIvh+1yE+uduuMZ39m0tPLaR6ahBAqMfCOcv0Kq7dZ
4TRTPpUrNaK4Gxux6QPtuiDBhaaehHyWRhz0+Wrn9OuhNryD6BYppGs8IcZFf35a
BYhdw08k1+Uj3ji8H1DaJVQLibxeU8yLOr2xbikawHSMupyIcss=
=DWUS
-----END PGP SIGNATURE-----