A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# Sol1 Pty Ltd, based in Australia - security.txt file (as per RFC-9116)
# Thank you for taking an interest in our Information Security!
# We welcome responsible disclosure and will handle reports appropriately.

# Our contact address for reporting security matters.
# Don't spam us, that's just rude. No sales either. Only security reports.
Contact: mailto:security@sol1.com.au

# Link to our vulnerability disclosure policy and wall-of-heroes.
Policy: https://sol1.com.au/policies/vulnerability-disclosure-policy

# If details of you what need to tell us are best kept confidential (likely),
# please use our GPG public key to encrypt the material (msg and/or files).
# Also to check the signature of this file, but that's a bit self-referential.
# Fingerprint: FAFD 2A29 EC39 2E04
Encryption: https://sol1.com.au/.well-known/GPG-pubkey-Sol1-Security.asc

# Language(s) we can definitely read, and respond in.
# However, we can also read Dutch just fine, and German reasonable well.
Preferred-Languages: en

# This is where our signed copy of security.txt lives, do check the signature!
Canonical: https://sol1.com.au/.well-known/security.txt

# Updated at least annually.
Expires: 2023-03-11T00:00:00z

# We are also active on the following bug bounty sites:
OpenBugBounty: https://openbugbounty.org/bugbounty/sol1au/

# EOF

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEMmKXX0XofbOzwxKD+v0qKew5LgQFAmKFr5sACgkQ+v0qKew5
LgT7dA//dHAXF0L0m4AGHY7xPROWHyp3bZqvaBzd1ejxvngDnxD/rBqq4L+aaDPM
oIJhhGPdfFfOocm5gpySvCyAbVAOH5ex/5bD+y9lPja2pwUb+0SWbcArG9hYwbkt
nO6BAQeJv5FEu4wchBmxWevJpADXytXLq4bGNxC7Lh1t+7/hq0b40MMaMNDiOI+Z
UwcYMOI0m5i7wvL6gBSzxbm+4BkwNevyQ939mTzWS0OBcgjftnIswU9XTvueVP01
d98KDtf8EMWRlNkuPtsgrEQj21fG+JKeVV8t0ceVJWLCtRenGFQw20QYaCl0Aywo
lq+hu7BjApcVgqSA1mc6S7LD7jZjQ6fXHMR27GU4qr8CpDhIbtWQtnohYXCX+5eU
qttEaMjvyDrxm0QCjgSbKZQi17+1uisQ1vwVVKg30vwt6uKEtYIApJzqeqnDcY2N
lu8dkn3i26uqcb6z5edNbzG1Q0zW0qPgv0ouOHj/cT8GmccRITJkEPZ7HlZ7xfs1
n+kbEa47JeYwGkDs8NSfB6YQfRiDk5ff+/UDtZ682lLdLmXof930uQR78n0M2nKt
hYsH/0BVsRNj7ZPWengbj92YKIzeW5aBA79mlkdUsFHujNccO29MFJ1mCqu/rC8W
Jbc8p+rrz/KDD5sqO7bf/E4B7ApU0RadKWKSYITVi9BtLSSMYNM=
=wT62
-----END PGP SIGNATURE-----