A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:security@joomla.org
Encryption: https://developer.joomla.org/security/gpg-keys.html
Acknowledgments: https://developer.joomla.org/security-centre.html
Preferred-Languages: en
Canonical: https://www.joomla.org/.well-known/security.txt
Policy: https://developer.joomla.org/security.html
Hiring: https://volunteers.joomla.org/teams/security-strike-team
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEPYFcJjaqsgoey0InllSCd8GEcsgFAl+hoYoACgkQllSCd8GE
csjqSQ//QTcVVJF6xvg4t2H5RZpiV3X6DxEo0UXIGrc5p8OArduDbUFbNSfMkMhI
qdzdd6Gcafw4RlKwG4mjADkFkmThNtKn1fBAw3Jvymd/iJaCqPeBmNJu0TWiMuPO
POlmqhV0Dhu1xzkUNViNn2nFswv4cV3hTStfYpmtdya849nFrw8BTz9Pbe4ghXtG
RrauDX+gpduNfEZa7+SqDDgqQMrHmEAc0bLoAEIhEUpOsBo5yVBN7vxfqQXpox4O
CnbzCfWrBxO62Ki7usS7Cp0UGufBgL8hZVJ2dq6FXObxrHfMcPzrJTXUnGnHZUal
26Xv+X2AxVaJOv9lSckW6beDQdMN9ummjq7ahHgcMdQsinzT4Cb8TQazuVInZOjU
A2pPHoAJPQ4tTfZeaU83PCaqi5I+osnGVVvaztAIaqd6R5Si+8LavXm2ZhohV9eL
K/skfTycEPbmlo5jIFF0mQsj/FNLWoCD7mm0tsWpN3G8TVOGrNcFXeqGZfHm2bti
0Kgq1IgTFfCMdEtIcKoR59GOLsPWWrRod23reavEUl/OBxJyBkYnKn5z5zOTqTZj
izjhc2NHjm9+CT2UjVm1Lj2ijNqAqrR0Ju3x9uhKDc/Ygso0ocwXODPKu21akoWh
2QLgb58afoVqqjIwRRWCPE6s6RYI+OzXej2MHD/nWsmgLZ71sgQ=
=V9SS
-----END PGP SIGNATURE-----