A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# My name is Colin, the webmaster for this fine Web site.
# For all security-related issues, please email me directly.
Contact: ccogle@vectro.it

# vectro.it is the main domain.
Canonical: https://vectro.it/.well-known/security.txt

# I highly recommend that you encrypt emails sent to me.
# My work key is linked below, or you can find it on keyservers.
Encryption: https://vectro.it/contacts/ccogle@vectro-networks.com.asc

# If this Web site doesn't have a humans.txt file, it
# definitely will after I fix whatever you're reporting.
Acknowledgements: https://vectro.it/humans.txt

# I only speak English, C++, and PowerShell.  Sorry.
Preferred-Languages: en

# Not sure what you're reading?  Learn more about security.txt
# on Github, where I contribute the occasional thing.
#     https://github.com/securitytxt/security-txt
 
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEERASZ7KOR4ZiNgtKI5kd5lzggeCMFAl5oGX8ACgkQ5kd5lzgg
eCOqEQ//cQdXH5BmbmXvbJlHJBj4/3w8YkeADkoDacM3oAtGhYwlAc4P3APcxQYN
JBOHdBpk2ix24mXqiaS49TAI6OOOioBK3u56n9escMMEpjjjP//ErzKZRScuXy1c
77NctaWUABF230DqPP9t7v9upPZqor41bTpuZ6NY1Nv4TOgfI58/9gD/5PCaiLO7
nhBD6VeXhiHqyLDW11yaoZSaKPkVjgpS9OEHqKVRlq4ujOHmiXQYHTtGi3MvhoXF
4eQUkVe9xvf9m/3MArzhCdPKsWzjIROx6LRJIhiAvIM0Jje3ajIatbyVkhhD2fVS
Me0EUKbrzx1s51X1UpRzcPZVwBicxqt/PbIbBjsSd7ZBeY8ZbYGLi5sIJaXZNU67
gPwVUIAVxuTReKxuM9ICqg/C7gsGdHUSkvmII4wFtOjikIpIhgqxfyVCidYNwhvw
IGlgdowK3oZpxrfIDnldu+Yilf/QlvBRApD7mn5u+5Xbsf8sR/oglBESmLJGLfRQ
jiAmYjlyjxL/Wt+VOfWiT5FvOKNlKPK7eGOwfhMvJk/n1EFuuNb0j4JjTauiqX57
BPYUDOUhrRMM5Y/HHaycdDubZPjO80J8nhUyU8fGPgdcuC0iq9Jkdoc5xk9D4mop
StgGaWzUcq/+5dv49nl9kgZ8Ug9kQWP8wEJGnnP8OfgCqexvyKQ=
=Lybm
-----END PGP SIGNATURE-----