A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# Responsible Disclosure for Ravensburg related security issues
Contact: mailto:webmaster@ravensburg.de
Expires: 2025-12-31T23:59:59.000Z
Encryption: Anyone worldwide can determine public key via an HKP request directly to the mail.de HKP server (hkps://hkp.mail.de). This protocol is encrypted (HTTPS), so that no one can eavesdrop or change the key during transmission.
Acknowledgments: Marcel Kaufmann, DomainFactory GmbH - Markus Uvermann, Scholl Communications AG - Harry Hofstetter, Stadt Ravensburg - 
Preferred-Languages: de, en
Canonical: https://www.ravensburg.de/.well-known/security.txt
Policy: https://www.ravensburg.de/security-policy.php
Hiring: https://www.ravensburg.de/rv/buergerservice-verwaltung/stadtverwaltung/stellenangebote.php