A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:security@greenbone.net
Expires: 2026-04-01T00:32:05.000Z
Encryption: https://www.greenbone.net/wp-content/uploads/greenbone-security-team-public-key.txt
Preferred-Languages: en, de
Canonical: https://www.greenbone.net/.well-known/security.txt
Policy: https://www.greenbone.net/en/security-response-team/
Hiring: https://www.greenbone.net/en/careers/
-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQRg34Y8dSar2h+1y4evlJTaT1brrwUCaNx2hQAKCRCvlJTaT1br
r7HFAQCotYnuus/Qy2xsfkDuJTtZXkseVSuBo2GvCGBidnG7DwEApKu6GBkF73rp
Q03xx63odaNpD+xsKsQenO2RDn0XSQ4=
=hm4C
-----END PGP SIGNATURE-----