A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:me@matiaskorhonen.fi
Encryption: https://matiaskorhonen.fi/key.asc
Preferred-Languages: en, fi
Canonical: https://matiaskorhonen.fi/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcpZSLpSSiP1PAuX0ampWZPbOi48FAl66YowACgkQampWZPbO
i48jaxAAicr3hURBqtGqm0TTZz92D6twt2nbcE2QXpnNJGMMjaLy3TBj1UsxSJwz
1WNtZpNHw9jCctsDSjc7DlMa6fCEJ3IEtMwsGq5NL85ZwxhyHzgL30hQqfxW1EgQ
CQxR+kIUuUseJ9KxbfiLtVw+R90cHoOfWqDn/TktZUS5J7DJaMSerEWE2Yjwpqb3
kBvR/0yJXlacFva2tMZeH0nsucRkdYlHw+hA9wLf3paQdSnevkZRGcsFg+RPkiAI
8JVsBOGTSuAWKg3aH1xNzAKg3Clhu+d1ZwBbR+/DyLVCrlicO1CtZ254WHps8wEw
a7fWKB8dzmb5+DWbRSETlTPqD6ZLEjUTl5CbwfxL488C7PoU3JFUpHKk6ncmvmf/
cYEnv9xTmk/Tv5V6zBycHaEsPZm2W6nZcpvDd05gbHw+qZRcoM+2xO4gSQ7EDJgi
fnnCjsG77OhCVzlezDofYIeLIb7gYgWSZJzztGBD5DGNyXI39/0SsYbmRVQXAT+h
jnFrQzsj0VecWV3Vw79tsNo5caMjihqdMCY6wTbLKsUlNKuxfE5TKOqVfNDgga0g
eilKbD5ocHsFTbxhHUUrk4hvlB2qzNd8S4zm8ROQ96kHZCZFFBs2kv+2oCeNrchc
miJePMEWewpriJBtQpuKhHIC3L4KnquzhoUbx681m/hk16XJJms=
=cQWX
-----END PGP SIGNATURE-----