A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:security@element.io
Expires: 2025-01-30T23:00:00.000Z
Encryption: https://element.io/.well-known/pgp-key.txt
Preferred-Languages: en
Canonical: https://element.io/.well-known/security.txt
Policy: https://element.io/security/security-disclosure-policy/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEECLLwNWQMfH0ijgR86JGh8VeYwfAFAmVM4h0ACgkQ6JGh8VeY
wfBG4w//ciK88N8bhh1kZFWYn48hEPBN/5HeDlvWdFVBKJHN87Dmp39Kt+Q8Me+j
A+jqlrqehZ9ZQo/wB/S7lgk5pOsLPtK4So6U622Rly5KfbKuPDGzUJRqBcFN8a6U
p124xyXBNI4hdHtkbh8FEZpIqItl/j9ZZIYdcl3chCM1zED3gfZBZIAlXtRSG6yT
ksfbLoMQLxz/jDo6A5/Q/fmVTqft+oFAAACohINbZsUZe2+wRdjefHUQH9z1PDyF
JZf4GG9d0+GpYK3BiBEot04bvrX9ofVqLBiDsa9j8rdHR3cawvQXgekqHEcW5FmH
PcLPzSMcYFaxK+he3J/W7BDBDbT8LbRWTbU9wQXR5D0i1aI0pTKavQze0m4p2grz
HrJe6c5fSgA8pKH4iP/pePA0WUsy0HM9x6x7gALgdCAF7+SJQFx5jfaRPQgC17AK
h1ErikUjIb9b2qOkKT4BXLCrPcl5ztVapiu9IB7EHk6/WfAzTQvESfgV26bRJ6VE
eH7qSvc+bqq/yOc0bDRSQOsMgf1cU70Nx0eTk3rwqnJ4sQ91Dckt0402shTBrp4s
WSdVGsfsOMKqhhkOspXZv8Hb8hbef5nH3Jtpx+7biZHlOBdi5zxAVkk+D4khWVUy
H5LcfAl6bKaS2jgVVw7qEC6QFtVtycwC6cfpjHkPjVQ+ugZFM1Y=
=jPvn
-----END PGP SIGNATURE-----