A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:webmaster@c10.cz
Expires: 2029-11-09T23:00:00.000Z
Canonical: https://c10.cz/.well-known/security.txt
Encryption: https://c10.cz/gpg.asc

-----BEGIN PGP SIGNATURE-----

iQHFBAABCgAvFiEEka2y1kPj1bkoSUrBLhVyt2KSG9gFAmQI69ARHHdlYm1hc3Rl
ckBjMTAuY3oACgkQLhVyt2KSG9h0JAv/SnT3Gp48n0ONfEeAwSy4UktfOp/6jDiB
6wrvCA195SllJstowKEmOzGVNnRkkohp221CD9I+ySzYOaks2zEEJ427x/OHDwGP
VikADiOE3CUWg1ksDDIfoBIKhRVaJSDpTRR+LlJ+Nvz14/PH10VXHnudAKxENFMi
G5I31FsyjS1IRcq/LjakMY7Ux8rVrcmYrbqIwbTpaW2lY9GshWFLcoIwQ8AfGC/v
IJUn/yGmCtwqKB/CsfxvAQQEI+gfrjTEfi9nNa/IKzRVqlc73zGtcfc5AQAIrUn2
naWyA1DgcYteXoaxtJ/I4g0Xf2J1eEx0R4fG4wVexMWGQcjGOem/k1Z9oIihwzlE
MTZGlNba0g3TWHFEnej2qpfYheJfFSGq98kHkesfFHgHUdkGO4+OXYkXm7xtxNvK
77ct0CnpIvjD7D0nM9o7SrE+1dlizqvp8D/Bx8SBgjArbctetzqRLTAnGstvT0RO
NJ0FFi93f1NpeBwnoxZPwftKq7wY1dB+
=xUIn
-----END PGP SIGNATURE-----