A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:security@ckfo.net
Encryption: https://ckfo.net/.well-known/security_ckfo.net.pub.asc
Preferred-Languages: en, es, zh
Canonical: https://ckfo.net/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQJGBAEBCgAwFiEE8nT10yuQu93daXxuPCDIe/P+ZqUFAlzyxLESHHNlY3VyaXR5
QGNrZm8ubmV0AAoJEDwgyHvz/maleFMQAIVA6uGoqX6rvsrL5JgQbryFiV0iPvfR
bMkuIx2R+4gXNlLfPcD8UJXRM/LAIHCwcYFwpe6m4l0lshaFOrDsT5KU7nVo+XFG
ioWsltO9LV6ujPcQKezV90xT1mvDJGZ+5T5hcNEYR9y4PtGVh39F0NtPV5RfhNF/
bEqzEZhDlxxrSXQIcSkgHGLWiOCnUeae4DFYTNKmtkjpsMHBYw7zc2axkziiqheg
QoA8c6wZvEoEhuGVGL7VD2khpDeZq7yoqGyXHrAZtnK5mVshgFsm8GTNz1JFoRST
YTJFUXeCz5GMNxUPx1uJDG9Z6U+x1c0l9YVIA0hVYLt52pcm8e5XW4nd1SRk/rMn
fIde7q0AlTHFqp4QuaaN5pH4XHpkPMSxeLlS6I7MVVtw8rStQ1llHTthsoOF3TfO
GmXnNfEv1LWmSEV9MgTcz8O4BRIz/HT3AcjFW6mYU297YGHNwYKK7bB/wRqosU1C
o4xHUKM7YNzzkxBRFCG6HGJJkihf00xojwikx1wOtxIuypNHG8YBg5kjd9uhSQDG
cpELjvdD0fGwhsPan73oV4yRTTOsME3VgmLHQOiV/abI+k8M783OZkqu7YEwE4Bi
84wSEQD+9ooUniOSAQMY11WcOTW8VcN1YiLPf9Hwh9AFddz3CEJ1TjR2hVBapWiH
j4pG3aREZbWq
=4iz+
-----END PGP SIGNATURE-----