A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Expires: 2025-12-31T23:59:59.00Z

Contact: https://yeswehack.com/programs/dovecot
Contact: mailto:security@dovecot.org
Policy: https://yeswehack.com/programs/dovecot
CSAF: https://www.open-xchange.com/.well-known/csaf/provider-metadata.json

Preferred-Languages: en, de, fi

Canonical: https://dovecot.org/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEK+dKqz7nVN+5yA0zGKNIru1AnaEFAmbVsbYACgkQGKNIru1A
naEDaxAA0Oti+nE4JAYn3jLJqQm3xQehW1zKuPokIrKVAQgweinppoFFP0J9h769
LQjoXmRsSyT3W+4IAST+yoxqZghIezl5c2hf7xwDHAEVog8eD2fTkZAZg2lpvEO0
6FKBs5GsSZa2J5Xw8meFoYLTLwul1vyTaZp9NjA8PXbvXHo2RFqAJw6CKisMCsk9
61f0hZxvu9XLtXIkrTxqarCyrNErscJzbVodNRY59kQ/CMmjDmymDGSWLoAiPuoV
Vhj6lnFgmwrgRjsjGjjOeYOOdrP15EneFImcvWMjeuZCafB/u9oXlyMpqFUvpCWA
p6I/1MY+3Bhfy6DMO0XlMDR2sp5mOe8nUxmt5e0tzl+wfCKmIKhOPxwRro5oCvd9
bU48BsAWU/8ccXSwjtEs8FEtZVTg3/AAgxLH8cXdjnKa21thnX7yNWz9qE0Oogn6
2VAjE8YbUScY9BYhhwuFnO+I0nzVwzlv9J3lZ1ViBUT+YuStcFprJn8Lo1uVWs4T
wjDngsmD1ywTRFXzmSKNdSivJt7KW2G+glDcoaThJlD6+59mgTXnTJxjjxXraBLW
ZssA9no9PYvbeycP7qGVkEZ85FHiUxkZLcE6FeidYE9eevBpOhcLa0RW6Ev8oFfP
I+NfiISMg0KW+u1StXRcmbER50EDczCqTdIalqfWhdk2gEildUg=
=RZN0
-----END PGP SIGNATURE-----