A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: security@andreaswaigand.de
Expires: Sun, 1 Nov 2023 00:00 +0200
Encryption: https://keybase.io/awaigand/pgp_keys.asc
Preferred-Languages: en, de
Canonical: https://andreaswaigand.de/security.txt
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEE1Lbmn0gcfsBGmUzh+1ZX5ZE6O68FAmNgLlIACgkQ+1ZX5ZE6
O68fgQgAmhylznThSvoJ+ihS8ggrHg543GRlQaxoqz5303fiTA/WMqx/BA7bm35a
kMcHoP+Jh4ivK+LVtiFRyPVfjt4xah8tw+6EYtQiMwRqUrCIPeB5MgtRpQRpo7fU
cKkIybQTwxSKPdTcEnhGlOcPyU4dyS/AGa6NCDKHILhh8BED1wZaXKSp1Od2TB6V
Z/Df/HiRBAawpN3D5jmno3+jdAAtf5k8L3PriyZqtpNAItm2n4Z7iDbrNmHLxJAf
gC8felsK4q2NQBQ16tBZA+pD6hFWBJZvnUmrk7bABOadZs7SPuUdn2GJ2ZYy9rxB
uykgc9qDni1zbDcJv8Jslb1hS5T3Zg==
=/LJb
-----END PGP SIGNATURE-----