A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# RFC9116
# Serial: 20221229

# OpenText Secure Vulnerability Disclosure
Acknowledgments: https://www.opentext.com/about/security-acknowledgements
Policy: https://www.opentext.com/about/security-acknowledgements
Hiring: https://www.opentext.com/about/careers

# How to contact us
Contact: https://www.opentext.com/about/security-acknowledgements
Contact: mailto:security@opentext.com
Preferred-Languages: en, fr

# Our security key
Encryption: https://www.opentext.com/.well-known/opentext-security-pgp-key.txt
Encryption: openpgp4fpr:b53ee2db540c6084a43192cbdc5c4b7228cbdd8c

Expires: 2024-01-15T01:02:42z

# Some OpenText domains from Alexa top 1M
Canonical: https://www.opentext.com/.well-known/security.txt
Canonical: https://www.opentext.eu/.well-known/security.txt
Canonical: https://www.carbonite.com/.well-known/security.txt
Canonical: https://www.webroot.com/.well-known/security.txt
Canonical: https://www.hightail.com/.well-known/security.txt
Canonical: https://www.brightcloud.com/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEtT7i21QMYISkMZLL3FxLcijL3YwFAmOt9kwACgkQ3FxLcijL
3Yyxxgf+JmFFMq8Op3WkSehTVvZokY0DK+nkEMiTU5MbNDKcttIh1mU7oOkOdMsE
nspgq5O8imBbWEcFh7OBhzROgjXNmuQJNieBIdor5FQzZwhuvdLCcO8YRxLh0ZfY
Hs1T755jA215N5ZnO6/g9+vEmknzBdGOLBjgKR+dvIhfiXRN3pz5KKMZaFx5cR0r
w7CukWvryou6+JJjYaPe4eqgELQXROAUgrQf9iVBgtRtDxn4vI/Z399jvizgnK1u
U6/37MFdiF5gNA8zFSdJcyFbKCewe8iGwYvXaPc1PaXkNInX4INYExqajOs4Fb2+
zxr+AmVcKjkW4duG1UdZXt3kGtD2mQ==
=QfAi
-----END PGP SIGNATURE----