A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# RFC9116 security.txt for www.ashbysoft.com

Canonical: https://www.ashbysoft.com/.well-known/security.txt
Contact: mailto:security@ashbysoft.com
Encryption: https://keys.openpgp.org/vks/v1/by-fingerprint/A4CE5F45FEB45E09D310B30BC3AA89DE466646A6
Expires: 2024-04-28T11:00:00z

-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEUVy3qz6A6s1oeVtZCg2QobndTA4FAmJqZ3kACgkQCg2Qobnd
TA4V7QwAyY1/IJ77UQRmxPpgK31g+0ZUSiwpJRsUOK4ReidhetquyCArpsxMq6Cr
i9hWfx9yBZns4PGLmvJxtWyaFQX/Zoag/ILNHUe7QNQjZipXyAc4N45AfBG/NGnw
QB1aJNtZIwayWp2wt17O39OR4c5+gRRezwhVAseFBLZz83gM3NB2UU2qmM2oazqt
bQXa5VeY1ebAPd3HX7mKyPlOWi/wSqsgyfpV8N+bpamS9hXxr3up3ewZCOm4N2I2
2S0/Z9by18broUN8Whsa/GYJZMdu6C7qmznJZy/VMMY1LjxZwGpviGLq7yHHpMg4
3Mx1FvbmwdE4GVcN0NVVrcmiSyY6n3dUe80SNGYFSfM34QqkP4kL7nEDE96lUoIL
pb574MzXe2YtQGlB5ZGpQxD5SZkpIxAAGsR+B6M4z5/it5Ks32ASbPS1SJ0ViY/8
roYxbscHRoVfY7U1dI4uGhRCEv8gHQeT/21p+AfEr9AAdUbxMZYBaRnzUdZFFEq0
Fa0XYo6O
=2A0P
-----END PGP SIGNATURE-----