A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# Contact details 
Contact: mailto:cert@cert.ee
Contact: 24/7 tel:+372 663 0299
Contact: https://www.trusted-introducer.org/directory/teams/cert-ee.html

# OpenPGP key
Encryption: 7B96 A5C7 079D 0CAF 9BEA C713 B05D BD10 A32A FB7D
Encryption: https://cert.ee/.well-known/team-key.txt
Encryption: https://wkd.cert.ee/.well-known/openpgpkey/hu/3wpiy4cs8sc8t6jxdu76q9hjnmg7mczp
Encryption: dns:06298432e8066b29e2223bcc23aa9504b56ae508fabf3435508869b9._openpgpkey.cert.ee?type=OPENPGPKEY

# Preferred languages
Preferred-Languages: ee, en

# Disclosure Policy
Policy: https://cert.ee/.well-known/disclosure-policy.html

Expires: 2027-04-26T23:59:60Z