A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

#Contact
Contact: mailto:security@alis.cz

#Expiration of security.txt file
Expires: 2027-08-07T22:00:00.000Z

#Encryption
Encryption: https://alis.cz/.well-known/pgp-publickey.txt
Encryption: https://www.alis.cz/.well-known/pgp-publickey.txt

#Languages
Preferred-Languages: en, cs

#Canonical
Canonical: https://alis.cz/.well-known/security.txt
Canonical: https://www.alis.cz/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEgiad5BbIuiKv4a5w6N57EMG3OBkFAmiVoLwACgkQ6N57EMG3
OBn7dA/+M/OZ/pp4jmW4MYISZIu9W7eBw70Coa17VJHkvVTIvxJbZqbw1TMYl+t7
j/q4JL3RuDFLlqgwhW9TKTb8unAvdVmP4VyEVYLx1TnN06ELR4vZUq3zNxSWBSCK
zibUSYcvUKvTbdFiWuRc+qEndaynkolKciv0kDmqV1hbXWD5MoKH/2mB8VOESvPR
v3Zf17QWxRfHsKrQ6fiptCGMBkgLs3/rayzVPjUckWKnlz9pRMAjd9dIJXkGQ5+u
T2PrMGTrHf+zm53xX6Cd3GnfeaHZYEOV0ngsNpEf7tOD8sST8/vzQqw462gavpIc
34byPSI8dMXXWOl/DhCBthW0RxVWtaCW3fvWrrgycrF6ucYMCtgM+fXnTdWh9ep4
nQx8LcWk9Swj/y8AzXn4+LUa4STyXqGjMv76YOUow4CK1OHpw4qNV/bSB+AeGbPL
+WKH5FPieT7/yHCRgj2yf8DfGQ4u6oEaYV+C+8VkmgK9evzN6j61xcD2xhEoCgX2
JFCsUtoqpNaYcg3EBED9MCklO/U78vAgSrKM/oSQAX48xLqYaJTACCIzxsQZ4NBU
X/ipMp5gDP+KXtq3mArJKKpzRlzCz2tR6bGwnIx5le3CUDflDFI9rsDl84IpWYWP
PbQRT7PHh4jp290CTLtaXuxCHtTQ4nicXYWOp9tD/nui0MYGxbQ=
=zeCA
-----END PGP SIGNATURE-----