A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:security@outv.im
Encryption: https://outloudvi.github.io/askme/pubkey.gpg
Acknowledgments: https://blog.outv.im/about/
Preferred-Languages: en, zh-CN
Canonical: https://outv.im/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEKMPlAfAJRhjEZCdo/2IlXBCH8hwFAl7FMbgACgkQ/2IlXBCH
8hxHxQ//Qn8xMPJmc/UHcK0s+4PKR7ZGnsOj+DI46U+jNYt0d0xWsND1sGED47UC
fk23dP6Q1D89ujLKKQMasK42aKBTj5UdZuqt8+FRms13u0PDvXXRWFOxfgkfQFp0
kyZhsTqAebycnIylJJMwWdyc9kxiD5ckF2PMi6kmoMd8QINpJ26q550BrOBPFa+C
1vbaJZOnvmMPeh9haxvZV1DEnHE0LQn048yMTCc9denXBa98DZW8LD0f6lZXdaut
OqEvVELIY2xayB0yH0fJ2wKbMZMOHyu+sqItJs63Xench1EokRD83kOpT0b0+dAg
XmvaNkiaY8Vlf2HCZxekdMXUMA0S7YWhOjEY/ANNLgDZsvVoHsCYMKo94qrKa4Ms
WiLRcbxOAJEYIfNL8Jfrn1WEwKWvl2XW4WK6CW4/qE1EXoBgGQOvdk19w9OqQOXL
KE1QqywN768oe4GTRhQa/YlGf0ffYQh8TMTxwL+3Y05Fws54zO6SV+K9gsrIiKes
7M9+vfCUEfxgVfAiNwLzGa+BT63m4CAgNKt0QdE5S7mDfuXnUIxpKv2PBTMVne6b
NgJISeid7A4uDlUGT15YaUv4Dmnv1YhqHn4pl+qChl4Dgr7RQxg8IArwtuAsjb54
hz4H6IxURzJfphIB3Ni1rg2oF+50ewHBvQL9zruahezDuYezPg4=
=6lkA
-----END PGP SIGNATURE-----