A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# This is the security.txt file for dm4productions.com
# (and any other TLD variations you used to get here)

# In case of security incidents, I can be contacted at this address:
Contact: mailto:boss@dm4productions.com

# Messages can be encrypted with my GPG key (0x1CB0C5A3), also found here:
Encryption: https://www.dm4productions.com/.well-known/pgpkey.txt

# Or if you'd prefer to fetch it from DNS instead:
Encryption: dns:a5e7c002443743c5836758c7d1cd8ddefd9fcf2061daa0efaac683fb._openpgpkey.dm4productions.com?type=OPENPGPKEY

# That key has also been used to sign this file, which can be found here:
Signature: https://www.dm4productions.com/.well-known/security.txt.sig

# Cheers. - AfroThundr