A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Canonical URI
Canonical: https://www.pexip.com/.well-known/security.txt

# Pexip SIRT email address
Contact: mailto:securityreports@pexip.com

# Pexip SIRT OpenPGP key (RSA)
Encryption: https://keys.openpgp.org/vks/v1/by-fingerprint/0A568EF1BA8E24D7E542D31BC972BD7062C07FCF

# Pexip's security vulnerability policy
Policy: https://www.pexip.com/trust-center/vulnerability-disclosure

# Preferred languages for reports
Preferred-Languages: en

Expires: 2029-12-31T00:00:00.000Z
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEClaO8bqOJNflQtMbyXK9cGLAf88FAmUyiJUACgkQyXK9cGLA
f8+DdQ//ewrB7qijENmkkGi5KF9EYcIgRu8WoHFfISuRS4iwfklE5Cjug0QxY6Mj
FhI2ClWMbn1/BJocOvjluhirF1ERBFHOJMNEEia3Li6w41D7Vwyu9twWKqFltLyM
2gWkVZGgpeY7BdLufgUCdowbRoYuFa3VD0C7aDuLFc7p/BhB0TyqcdJa3shsO3+s
EHVgMzzmfB8M9XA3/y507SejTcVilzbSFmiq6VOIm9wZIjvAjQSK8IKLjp8Wu9zl
7Bm0egA7iFCYGOTqU4izHtTXDEZ+vK96jO9KwMjVCm18D+Vyx7v07JFrFB5RLaD8
TJ4/OCRvUj24qTwUvG4jSqgvicLSws5k5PNCCQl3BG1xXLKYJfW4tGKAH1IOtqjT
RmK2Y2PvFLfQfB0kjQxCP/ddJzhi1cFZ2PqpIaTRzPwycYcSShYoBS+DZoiw053Y
fIDQjbizZnhIHn3Y/CljbaNTyPpOUn3Bb51jpSaLDyT967tJcIuvy0EM5lqNuH9e
Jxm3P7AHNJb6+gq/PA5jS6eLZLQziYGps7dhyVQOJW7KqaYrNhPeZ9xLDP3DkEpH
RM7/zLW6RWeTOeszTvasU6qxqv+I2z+igQ4sB+uFmt7qqUpe9X4++e7VTacjE+Zz
kcLdNvlBEvPd+uj8vYjEt8fxlB+L2O/VJVR/PwuUc0lPtUKizxs=
=pT0b
-----END PGP SIGNATURE-----