A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: https://github.com/php/php-src/security/advisories/new
Contact: mailto:security@php.net
Expires: 2024-11-28T11:59:59.999Z
Preferred-Languages: en
Canonical: https://www.php.net/.well-known/security.txt
Policy: https://github.com/php/policies/blob/main/security-classification.rst

# Signed by Derick Rethans <derick@php.net> on 2024-02-06.

# For instructions on how to update this file, read
# <https://github.com/php/policies/blob/main/security-policies.rst>
-----BEGIN PGP SIGNATURE-----

iQJDBAEBCgAtFiEEWlKIB4H3VWCL+BX8kQ3rRvU+oxIFAmXCHKcPHGRlcmlja0Bw
aHAubmV0AAoJEJEN60b1PqMSibcQANkyBZX2OebH+X6HGBaASjywJBn2U+P0/WCQ
hBxeoJS2PoTBotAwbcWL+by0whPuc4H+tlhk3CH2HmqQZj3btDpGwEv+kAxrDQrz
JL9g3Y/TkcC9CQ0WpzqwsZIpDhOjjmzGfOpiXJfVHzqLDLf2iZTDTxaUt9uZTRvC
W+zBml99gak27w/MjHLn4L3OP5uIMq8HLSw0oEA4ksm9Uo6e/MhVN/lcG26Btvqc
GUXOlAfkwmCvRhVU69IV8zBWZEd4vvB1mNJcdiKL504SjtICyrw2A5YupP2kqkat
Gm2VNZMiaKj6qwYsJtlcJRmOGNY+E3BBIIYSO+i7Nw9b3yEh4BqkXL73oMJ9gNC1
bdE/HcaG+39uIBa1E4EMgBa9gxxNIAcviM4dDAjj0KXuprkn0g58DMv3cTF68vyN
3XX6HbxzB6eRy92YlRbolwcJrT7qU5VEL78bwCOyN93FSppqCYyx+y9MOdarMFk/
OLOZSVHlpWr5DwTbjGxbgtPWETEUr+paL3EkW3KA8dLoD7H7Aib50BvAcq3RLACn
38uZPBlULfIEpttRKKYSqxNSxfhTBqQB4dU6dmSrZk+L0kZ0KR7Smwdobz6IeA0c
wv1x1PdCiodNMzWhEHdkzqZ/O8SVshA+shNm3uyVr10UzvSvIg23HrYsvUZl2Ti0
PDLZowMK
=USeI
-----END PGP SIGNATURE-----