A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:security@checkmk.com
Expires: 2024-12-15T07:00:00.000Z
Encryption: https://checkmk.com/.well-known/pgp-key.txt
Canonical: https://checkmk.com/.well-known/security.txt
Policy: https://checkmk.com/responsible-disclosure-policy
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEiQLD2fu0XTLpVSObvap2KBbU+IAFAmOcnDwACgkQvap2KBbU
+ICIphAAhxZQ1SREg8BuTg14QlkFJ3czU18cRpgAVNJlSqytMW5uH06ORh07a/JC
ROS2NUiz1+J4c3AMrePYX5aeXXO5+wIfldY8oRccyE3i9CVgUgKUun/5HaxG8NZS
DuoKuVht1gvwfCR/P/HVAwhP+R5s7uHpbic3mq564+P7PmPmxfXTNQ1m+2Nq1nrr
KnnoBp9VKPjw2NWQCeIgElyc5quv6imFaLFGYe7u9QP25Iy8RrSlLos6wzIxUWel
J8oVPCtakD19SzqpXUnmTui/utIe26D4xLv+PcHBlm53ndHMm8anI6qyljkb1u6r
P4F7ef7UPM7v8EVVkRIYDsMViCNeRHTJ8ZnThTBE1fyWVYpcwmQXwKQmecdUZDEl
l8TZ25EomzmP4LZyfyog/5GKhkz+s3tmvcm0x5ypBLDhyKwI+vkSR8KOKUelLQ0I
wm/7EdBOAa6X1XqefTmRPnCHSVW8lGlUo5nww+/O3BsKXXJ5IXEUF+f2TcMsn96w
aZlqoQkLyicju9oAY0G6mMBxgEd32rg1tpOLqXaDJM8D3zVPVCaCLNE2YYTc6Wzs
EttrXdXj1JgCBmQx1gXNNg18pRT5nAhsWb/yU+JyUmIfCB3BCQl3iQKeL+9NMTTc
OWRd+8p9BC89sTzHTJraLB7WWfTGMBkQJw1MEQLFhQNyYCo2lkY=
=pnl+
-----END PGP SIGNATURE-----