A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# To report potential security issues, please contact us here:
Contact: mailto:security@open-systems.com

# Do not rely on this information to be accurate beyond:
Expires: 2023-12-31T00:00:00.000Z

# This file is signed with our PGP key. Here is how to validate. Feel free to use that key when contacting us:
Encryption: https://keys.openpgp.org/vks/v1/by-fingerprint/6BAE656FDA66460F36D4EF76264EDD5C9D314D32
Canonical: https://www.open-systems.com/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEa65lb9pmRg821O92Jk7dXJ0xTTIFAmOEdasACgkQJk7dXJ0x
TTIlMQ//UV+q3uUAhM5AiLA93nq0K0XZztQ+qagbBBlXOScPIpH9tMYfp0aceqTL
e4VHI8zQfRrvSvk+FIZcxJZP/af2Jy3h/yxtAbifz8OmMCAFxGEzRHMvKohAFqhd
W1RLa5c1Rl8vBr2zLco+lVmdfLaYaEnn5zSIWUC9Rm92z9/1eWeM+wfDOn+WXzOf
63PBiM45nwZa3nqZe5pnOyRlqy0yj9ndhJVa1rj4rVvusWG+cb3QBv1SdsykOtHl
XWrcZQHn7Yp3RbO/d1cyHqvgssiH6gcGdmnmnBl6sWZcURftx8rzFxKbRh0fAIcb
+8jn+NaNK/uj6gv32W+v9pslbu9hMDrKBZyrxLso9A8HRwoZGThfjBj35NNX3Zc3
x6h7qRxyBEPBMr88TXeP7eDvYnjJ/F5YVfNFY7iP7Z3q08chBMH2DfJ1YznezUW4
+uSile3FVD1UzyVg4nsy1/7NBUKGxCdRGJgaQUGi0cIvo8APhZ4dUZJAEPHT1K7J
lpNFwb+yWZ9ymCNmGFOzNvfSQUx7cMQyvVRCEHIIbHgGmgHOgmix2Z/rh5d7tP2k
asBbQ+GnWzr4IN0VsDsGiIM6o5TOYiV+o5Yu/BuOpZ1+8UVdkE37k10JXQy24b+Y
Dh3zw+VIVaRrHtHMKIOTcJM4h5IYH7yp4COBMtikPb4+z21hrII=
=BwVa
-----END PGP SIGNATURE-----