A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Contact: mailto:security@miton.co.uk
Expires: 2025-01-01T00:00:00.000Z
Encryption: https://keys.openpgp.org/vks/v1/by-fingerprint/FCD5038815B39100F652C506F9AB3B8F49874102
Canonical: https://miton.co.uk/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----
iQHJBAEBCgAzFiEE/NUDiBWzkQD2UsUG+as7j0mHQQIFAmXKG4IVHHNlY3VyaXR5
QG1pdG9uLmNvLnVrAAoJEPmrO49Jh0ECEZAMANXXRvymIVcm4CoMYx2IN54N7sc1
hWDMx0SIs22Y8H312p4QMpS/4BSDPYhiTsVbSLuyGYdk9at9TXhV3Zqwdx6LBwGI
GDdx2qcrydnTwIK3kAOdpzdfeFFZYpUnAtpJmW+WGnlnWQnVxtSyklsXAhCUebVP
Xre31malvc1FhTPpu37LeInK94TRyIY7mAHfyg41YpRLPxuFZ4KkEacTChz9kNmT
ZBV1R8tNIXAqEYGwSxNXOvp18K4OWFa/nEioCkigRYNHUIh7cbB0oib+tT83h6Tm
1sqkxcGGzorodeJWE/dVlS2/HD1nwlOJ89sayIhbYtx/nY6wpfcha/72ghLqgYld
RJ5BvWmZz/v7gzgQlzhijkxL5JBjTqEIv2+aJuC/tkawwm6N1VuZ2oXINT/fFlip
EOWOPO7pg2SDJU0tcSaFE7wkJe/FMKkmGEZqMDwEEmhsUBERx8RvJrMreJBxtTAH
QV+pRljYa4bmC/T/VOdzxgEGc2KHM5CBENdBkQ==
=9e/r
-----END PGP SIGNATURE-----