A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:security@ollies.cloud
Encryption: https://keybase.pub/discorev/olliescloud/security_key.asc
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEESFG8bpMbffKIpgy+D6F9ET7ax/cFAlyroCIACgkQD6F9ET7a
x/cv/w/8C0OSWlwGgLvybnYZImyGIXZ2yldISre912lUECNwwnNEqc0IQJKIyhqM
CVwyrrbruOtKeD4uLy6hpIRs4vfTSoqfgfKx2ZlaokSpiRrTkQruapu0F85B3Iuv
YUgIdHecI/PpRI/zOMuVvspELNZTy0V2vVOaidDmriXccbm/zibY6m4QHioKF1u5
2CaQQA/Zl1irbyUaUE6EdeYSqAv0BUJn+TGOh6c9H8EAycauWEIztOKpid3zX7gt
Dobbvm8Mp8rSZN0ccaVfp3gmnyf0WSfs5RdhQKtrv2+7fWZpMdz/TL4s3E5eNI5A
b4ftmcNeiYeVtLZSxWdzrhpjJznKm0QrLciFfQsTImBvuNQhYu2sDN2pq57D4pnc
dc4oMo4XBxoZFGDE86SFfRS9s/woR8KyhQDwlyswQSxErQh2pCTF9fAE0KZQlwQC
s7rB1aGdTQTVsQ1zjnUhklh2qu9cpYtaAF5Kg4yTaxOyEwjV3WR/f4ipwvJNLSkR
3isPkovJ9ezialh7U74UysoDzdQe3H4qi4u/c64CKkuhUKg+ZYahQG8j+Y44vhAa
LbG+SM9AqQ5cPG92PTr/a9aEKv1yzrSm1eYqcmvJRO1tFGHa5F+BpltcS3Xgy7Vg
5A4safZDU/SB2yJ5K+um7zgkBDyRgr+dqNGi6tBq9AKvTkyuwW8=
=kQZg
-----END PGP SIGNATURE-----