A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:amane@ama.ne.jp
Expires: 2032-05-31T15:00:00.000Z
Encryption: https://keybase.io/amane/pgp_keys.asc
Canonical: https://ama.ne.jp/.well-known/security.txt
Preferred-Languages: ja,en
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEECcrDj+VsYzvBVijoZLAOWFJ9ZTMFAmUIdLUACgkQZLAOWFJ9
ZTMtlQ//R0/bGF+pjzZ7i0vjZCkRNpN+mhsrLUJJ+wWwmZlgAgNfl0j7q5b5KXdG
kUqXH8vNrmzU9aakxq7vPPVTCoqi5AdlI4DAjzrSzk7XELZJuWIWrdwH5EPJcbv7
CD8E/JQLJ0ztmxdpfdc6mlGuviV6Xxhu4uoKrGTEGx7fSb7G5YThWGjrySys3cYk
ue1/R/BR0KOv/Jz0toLXb7jFIW7Y4LQzs8zMloGkJkDEcAyDyeiq4jLCekFX+Y3Z
X5XrJMkl4V04qTVHUGgzJq5jKywVBrw6HDKQ8co1pz8HXLcL2gZR+sjndfKdYJht
1rTMPeMpqsFY/wWIMcxDqhHUAuy92CIUdF2dhWYD7A7soi9qf1S+uXkfOJLTLARo
0ikdyNg4Cm9V+YjM6fJTUtJhOVAWYeYea4H6HvExgUvVFT1iogeMrzon1Fja7M+e
oQ1iWcr++dQfA0s76AtnE1ESRkB8acTjVUpZIoA6zFMqqebnhq2VrmhH/LZ+2d8r
j0GQAZdILDn8Yvsqa4hrnBp0aojKnJAhdDakmeDLGPxRz3MuL6YDmOFVlB0eqEqe
eXL24G6rw4r+P7OvGAgx5GfDLXcYPFbVPjkldiSPlRROyqAogpGUtYERqsMYUu+w
qyi0IU576AhUTTt243QeqgzHZbv2zi8ZupIE3B9gi6rnYIGDUE8=
=991h
-----END PGP SIGNATURE-----