A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:cert@renu.ac.ug
Expires: 2026-01-19T17:59:00.000Z
Encryption: https://cert.renu.ac.ug/pgp/renu-cert--public-pgp-key.asc
Acknowledgments: https://twitter.com/renu_cert
Preferred-Languages: en
Canonical: https://cert.renu.ac.ug/.well-known/security.txt
Canonical: https://renu.ac.ug/.well-known/security.txt
Policy: https://cert.renu.ac.ug/files/renu-cert--description-v3.pdf
Hiring: https://jobs.renu.ac.ug
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEExepMDpD237EFMR+Q5V2vCivAJTsFAmSixtgACgkQ5V2vCivA
JTvKHRAAnqrF4Tr2vYnL+/Rgvr4jONC80kiKFhkwnT11xs+ddSWV11agbXLpImwf
T/mQR+TwYb3Kmy2c0MsyfO20H7y4tiyycZELaiFc5a6vpQilQNgFbyg7uYyCr8Bd
NbZOLUhQtXXkp154F5hGPm8a79gxbV5qYG7BMo51ZjIX/sE9V+6VxUtcyneZR7jx
74r3PW6I2/zDapRTcA/Zb5AHUYhhG49q/QBh3kMeWJMla0sVZLE1CV/SlJ/OkkbC
GhbzzzwAKci7i4MV4nwpHEJiaKXNwtmm3GvoZSanKwpvCrFfAlGKI8nojUfpRXPp
b+qSfqRhzsv4D9YK+CjEre6asRP6BpRTxZJWOVuzGSULt4mqitrgstCiMeKWn0tk
J/9dqMtDdrBqrNxquec9oaWZ4z+EhYk3yVR9SvIn4EIBVrK3EzfHnbfr8nRjDkDK
Q17bIgJH0WQVGC4fQuHyKF9SRmuGqdyeu38cNHIpmGdlpqSJBrZkglOJ4sCkcv0e
KPU6aPRwhov5AZwOcwJ5o/oZtQOD6d5jjOOqp5p+oIM82xL7/QLBN3eK7LB/5yTm
h7mOTj5RCwT0+RXUX5P1TjpvSqdN9HxIHfHJE5vOXdI8F0LPY/pKctElUkLB6xoF
+R6AVsNpBsiR6yn2GWfVQvOqcC5mSuFfCvXcA4xmQM3jUXlzFrE=
=3qyo
-----END PGP SIGNATURE-----