A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# ShootProof - Reporting security vulnerabilities to ShootProof

# Please report any security vulnerabilities to us via the contact method below.
# Please do not include any sensitive information in your initial message. You may use the public key provided below to initiate secure communication with our security team.
Contact: mailto:security@shootproof.com

Encryption: https://www.shootproof.com/pgp-key.txt

Preferred-Languages: en

Canonical: https://client.shootproof.com/.well-known/security.txt

# Please see https://securitytxt.org/ for details of the specification of this file
-----BEGIN PGP SIGNATURE-----

iQJMBAEBCAA2FiEEA+R23SwbGVEdRL5gvktyFLYFicQFAl5pAJ8YHHNlY3VyaXR5
QHNob290cHJvb2YuY29tAAoJEL5LchS2BYnE02cP/1lKEyU8e3Cka8l3J6zk0KY8
oOPxb/7NGt/5ul/Pbo43m0u/nGUv+qV8Rsk3eR4KqgWKcD6unJK0PrHV4cTKT+If
ddCHPSLh3hMF2AnOsThiRgsRJylz13NgrVCfs3jHg2eZJRnlKRxghMoRxatnrs1J
xRGiIZe6dcRylWupKclmIcLjQCwzUvcm08qBZDiFzTShdkDFwD9H88gECj620bFw
K+L7v969hLB5R13SrXJpwdnkSRA1NKfqziyms2dw93Of81M892mEZhbAx1sadAIY
bUsBmIJYusfbTsR/g7AV1gjV+sEr7x7FG2J2PH5HEPYlsFLAb8xq49mhPeI6RkHH
LBv+ZxcwtEQ1nqpCaSfRKf+zqOmsWlfRYStkppRgBpIT/bU0wMnReBPUmkYQd5oh
A+PWEDwBISy29ithED+My1kT9tJZDo2Pc5gVx1Chuc4uZXorfzES9Gs6jUwuAlho
7gnmKUzVbTzPfdgU8w8O5ijCzUeaijJXrYadKWH/+wJwpxt3d5ximsCPBWzEuZwG
+kM34Qdy/fgtxgDM65uA9xoa+ofMll4nf4vprr58QhgG5RiGO7P8buAihWqOs8o+
OdTCk6qcLG616B1UyTh5anFQXZSOYlEFriApvG78qQ+WVdSbyNTGgTTUkC7mSe3P
H22hlBGjgMgtRGh1DSc7
=Mh4m
-----END PGP SIGNATURE-----