A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:disclosure@subshell.com
Expires: 2025-08-24T00:00:00.000Z
Encryption: https://subshell.com/disclosure.gpg
Preferred-Languages: de, en
Canonical: https://subshell.com/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEy+844MxPc4YHg3fNz/mvBCXCRioFAmTsQq4ACgkQz/mvBCXC
RiramwwAoSvjEOkzUy7xY3h4mQTp/AB2jwiLBiozgNOzmD+WMorqNIUlvQ8OBwL8
HxQC4spz1SWG8y8Njut+I9/TV311bkwIY+zsM2vXAED53l67GaD7Zg8BHIfHtUTC
6F/hJusgRk58cZOTJgh29Y2dV2eIFle1f5OLvPqsMnjtXR2lDT0oWhCF0m2ztF7X
FtTEmSaLtQZg5qpC2d91TqrDsu5p4l/+furW2a2+pKLYCpBgXVMlGQqZxwVWu5Bw
mt3cRhnuP9lGSIu7HhuOknvh8wcdOzkiv62e190d/Ifela+uIFNIxo/g84dWVKIT
fe8t6uBBbYs9OYeVhRyNo2XB/ub+JDwTi2crKAWk6sP+/f7MJo4uVBEFcO4Z3O26
slZZJ6Sa74zUi7rY7bbS2xwxoKjknCTYRFRIGkxRadUzEMvHb5FBmtxaJPlNRDKA
aKKFDWmesyu27al++PHd2RmxduYU7sPCfJVHrJ9DDsjfzEc1PBqZ+Yr6ARfW1qi1
EKgtfOIU
=UmSf
-----END PGP SIGNATURE-----