A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:andrey@sitnik.ru
Encryption: https://keybase.io/iskin/pgp_keys.asc
Preferred-Languages: en, ru
Canonical: https://logux.org/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE6JLNqjfqb2PsarDgf1fE1vJv9lYFAmTNPk0ACgkQf1fE1vJv
9lZgAw/9E7BwN5DyrGkJoE+q971thsGMLKO33Ad9/JL2rCgOSaSs2f97a9trAqtU
HqSbxYpm2Ub3PngEgMigSqp+FGquKjfXOk8KHLtfZRPB57nab2Z/QZyQZ22MgsGo
MAZptsnDTaLKmoeI5LKAE5+yiJElE4V7hZZ1gxWkBii7ehkzfTl587Y1vrSvxvaX
/cHcIOKf9TfvhNonOnwzzSBcD97J1o3nlHuEDJvf7XTr88OrdK+i70PD/WMGF1yc
F2U/IlZtcGW9m63gNbByl+S5R5hnIIIP5+N5ACLKRATuE0fJAdCsOg0/PLOScqzO
HMDNgJAUmxJqLLuksx1ynYLNU/Msd8zH88lnT1pfhuqJg3l7pPaI9yjzbyy2Y8YA
Wb4xMrJmCp1dIGEEuLmWeD2vGS1L1Oy4K//tUhNbP3tjRK0hM1AHn5akugVoYM1y
DfNDDpfmWAdnkRAYCNYrI3VVagH/CIjClI9Likr1Y9dyJuAsClpOXEdbOImkjl7w
dy/CrZB4kkV0Nf66EBlqRgV/nlt/wiPGG5C0ktDwNTeRrbXjO4OEGc4BYUocDWTY
NQwIfj5ADsK7eWQ5jT/5Sr2nu0tetznoqZlOXl6c68eMvMPaUwHvSiN2CxudYatV
OhcGljt33zeaZorkPTPv2EKW+4srw9rPrM/IfHC76lqG1Z04Cj4=
=g0X3
-----END PGP SIGNATURE-----