A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:psirt@linaro.org
Canonical: https://www.linaro.org/.well-known/security.txt
Expires: 2024-08-29T00:00:00.000Z
-----BEGIN PGP SIGNATURE-----

iQHFBAEBCAAvFiEEC+Q52+0PbsTAW4y9K7zgNY/RHSkFAmXg4pcRHHBzaXJ0QGxp
bmFyby5vcmcACgkQK7zgNY/RHSnnBAv/QzHEehe34IFqrwJP2EYOa2f9cbFABM0f
gZYI4t4DWARXtXDNDnQrGP+f7V+oZSjBGUj90PAUx/sJfwgWYpRga82k70I0Lg9d
3eBYYsW17WmB5/+ICLdmSqQJxvsjrctTjjdMub59eVkItdduR+KMkcaeGHkheZAt
sqUWnR3iYT+ECTzuDMZV/+CZMc20cRvmNxojjHfJUdw5RsVulFQyYEhT/XyJF17F
IRAisj3tFNWllizyqLytkYEcAKQAEPYDFwH4njCo1LajaOEqkQELsJoRNrDqQxVw
pwitcs7ZTQjO1JeF9EvPTjh12XBelmIlQYNK7FqbDWOm+tSEfRtGS6bpJAtq9Aww
FHjgNEhi0t8Az+TVuQMvsceC06bClig5c9PtyIlIbZX62tOXDTtYcaePN8ziEgtj
L1SephUbMiETrLH+93ZHW2+2Y3EiZ7PW1sMP3DXTa5meXmiKhnnJoBec7s0rCKX+
q0+cIFQnD4qRYhxUWtNOiu5AW57gws1p
=8He2
-----END PGP SIGNATURE-----