A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# If you would like to report a security issue
# please use our generic contact information.
Contact: https://www.effectech.co.uk/about-effectech/contact-information/
Expires: Sat, 31 Dec 2022 23:59:59 +0000

# The following have been previously reported and deemed invalid or not applicable:
# 
# * EXIF metadata in images
#
# * Simple unvarying CAPTCHA on Contact Form
#
# * BREACH attack
#
# * Identify server software or WordPress version numbers
#
# * Tabnabbing
#
# * Denial of Service (including via scripts)
#
# * DNSSEC and CAA record - not supported by our DNS provider yet
#
# Please do not report these.