A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:security@panic.com
Expires: 2025-10-28T07:00:00.000Z
Encryption: https://panic.com/.well-known/panic-public.asc
Preferred-Languages: en
Canonical: https://play.date/.well-known/security.txt
Hiring: https://panic.com/jobs
Policy: https://help.panic.com/general/disclosure/
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEE6i1R0iW3pPNCW77Iq26O7ibMLj0FAmcgI9EACgkQq26O7ibM
Lj0pwQf+PtATwEUeXRQ7GZbmGHyGmmMTu1smae3X3NtH/uV1bom+OXZD08TG02Xn
ybihpRmm3wKWrFlmn2XiWw3lTMjmQ3Y0EnFENacz+XaYzobuKApyCrSTVWFoEwfG
Wae1EFqA2WsLdru+njcxoBBOBp3uEpOAe+2E487pevyDlhMHsZyG0GGXXWsJxuYF
llS09ekJnJCIyPd/LbYHtqPPwvC+A496DOejiekZXL0cqZtYQDowdZqBs202ROpG
vn7j+Sy0kTxa8o0Sp3lcX9zsSVo5QBNciOpVn6mJWW7aOHEZWIhhcpNhceBekZN0
Sq+8BpmCyEB6OLoUPUXFIb+yARY5Yw==
=1dZ1
-----END PGP SIGNATURE-----