A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Canonical: https://gust.org.pl/.well-known/security.txt
Contact: mailto:admin@gust.org.pl
Encryption: https://gust.org.pl/.well-known/pgp-key.txt
Expires: 2024-03-30T10:00:00.000Z
Preferred-Languages: en, pl
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQRZno7br4DR9DLjNZrJ20I+6k8Y+AUCZBYdpwAKCRDJ20I+6k8Y
+NABAP9ij1qQCyEUBJz2gGX36YqIytXkfzHhODihx2ZTOZlZkAEA0oO2BaYcPsHF
cOMpqVoF5mm1gR/duw0to7NSnxv3mQI=
=BGNw
-----END PGP SIGNATURE-----