A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:david+security@davidpanic.dev
Encryption: https://davidpanic.dev/pubkey.txt
Preferred-Languages: en,sl
Canonical: https://davidpanic.dev/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEYZjBVBydSHZliGRdLMDycKnP56IFAl6eAEEACgkQLMDycKnP
56Jo2Q//a2EDT6+VBb8UrL8TDSr0v+fCMmw33N91A0duV0i4ihJu/XcfpB5gxnqX
aEGH9+8VRmE7voWX+3Ol1F3cWsHfRwLwZH5+/ymtQ5n5DbSvtbyLtjJWshJCnU+j
rwURjvctXMUep9BQ6In4udUzpD0L5AYw4ep+pReAwKt7pYBk67SG7Ojw4iNRAD2Y
gxtcE5B/CcOa8LelSOHSqWufAPLzHXs+GynG5RlZg2pKS5c+3Vf7k0OwCXmLbBIJ
E66GGOiTX1ADdisfwmlHoI1dPzeIjN0QUhx2N5cSmtJbrU4BCO2gyxgIsyuVjhcq
XJwaRYwyBAsTJhpPycJjBxlFjLYwXxJL2ho0V8IM85CYsWaA9AQ6oHWcSoYkVd1z
fnw9QCY7kc5ww80q8kTJoa/o1bbun4hYjSACBj1QODamUnSQB5afU6H4vqRhgJaT
J/lfv+HH4nUJxU6ZzYtUtiCf8ufvjOgLSzk3EIId5dPI48LqsX2+L37i9fTCxCjR
H8gkglIS9LKFLhrppehwPqiFjWH7BAT2RU/mSANXDeeYqaP1QRIy13wCso2g5j52
Mun6FOOyvVjSLchzWz0MrikmUDsK7njNOEQc5VfIqUU50dThYBf13gE2dzGdMDtO
I8tbxZQGGrqXpjK7QQotJlngksgQkGcZr7q0TKUiKmfic/EqcSI=
=GTj3
-----END PGP SIGNATURE-----