A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:security@postalsys.com
Encryption: https://keys.openpgp.org/vks/v1/by-fingerprint/465AD0AACB2615C8BCBCB35BA046CC22274DECD5
Preferred-Languages: en, et
Canonical: https://postalsys.com/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEERlrQqssmFci8vLNboEbMIidN7NUFAmJVRqAACgkQoEbMIidN
7NVh5Q//Xd+9/FNf/+amf1WWqPcTbzQuIXT9zFoT93pZxhX6c0a+Ldbq1aDd6lFv
rcDOhFV39buGsC1m05BJQgG1WO6YXdNTPhEjeFdtOdFPZqbsK0BFDPq8IG+cAAR/
a8p9FL46rt7UNCNn1k7tEhxsef+GKFYA6LkM5w8n7fVrSIY9vsiFADaVdfI+UxSD
Jllk2pv23N36uGU5qTkV65rpqOMfklE8qKrUwbF0zWSqpyMoUrC7mqIEyQnvIb55
vHfyQKVYp4Ie6oPAZqjeVeTrl/uHBiVgmKD85xXaCvAl3P1clWddN9wgdO8+f+ph
fJEz5yrk7nyDCtO1N5VNXVtZjBbSPw5OZNvb0uzRWBi3C4XS4nq7pJfPnuP67W2I
KuYKHVc5NHvCNZpF+vmOdcTaE4Qaigfack8E6pybzaYgd0tcaj3W9mkCrvqmRkly
75h6T+o5l4wpe2BTd6pP3LxqqgiK+QIYRqi4nN7Gkcaqb96yV9qnmxvyPa3vavEy
KEXdXL9kiqohBFwKBpTD4vtK7PySBx+AO34DAW1ydCfbdULguW1DQeLy/b51WbFN
XoRcgAJPtmCbeJNtJE97sssH4QginoRIas/MFfr4fiY0tK14eg5qvHkfSYrmOFEW
HLcCfp+aD+mX4Hsik+paUqMNEntd0xWCBwFJ7XtAfjAD7reZ0m8=
=IyXk
-----END PGP SIGNATURE-----