A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:admin@stronghold.host
Encryption: https://keybase.io/aaronvb/pgp_keys.asc
Acknowledgments: https://stronghold.host/hall_of_fame.html
Preferred-Languages: en, de
Canonical: https://stronghold.host/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----
Version: Keybase OpenPGP v2.1.13
Comment: https://keybase.io/crypto

wsFcBAABCgAGBQJfGd+7AAoJEHcKfzyPxAR+9l8QAIxx316v2PA6mukvikiQEhTq
hHCE3zRg2bBhKNr/KMQwIFJI/NCp1nuLuKz+t+VrRJ9aQDwBOajUKTpxEvRNXdDn
K3UXaMM7YaJT75d6KLRqk/TYunWayu6x++3kztdavGHlx4pglw5uqLldyAOV69Vt
reVBMKJ8b8usIgoiAkSbWejr+16CkVX01WFpOgACNQkoOPG2WEoGY1Tz890qlWc5
L0S2W4VQElRxx5Yjv7WJFsxYEdBQFeriMujzIaSWB4YKm1JQiD6saYWCAHRXNnSe
438pW/JMSmw64Q+7Iw7CYG6vAtJ2vnYE6JfJiiDKhUhlMAnVaDAjKjfN7TiFq00e
aRj7JfXIzULITorp91DcIP90c7s5LQkbzcy6n2T1p3U4QOrhWRVVpz7aAcl1ITzg
tFXp3jNDbwNcS1Ds2u6PD9zeSF1+kShj5x3eGczYmfLsaSrND6dliY7i/Ubu2rxG
cuej3iEiSnVJYyMNiV8mv+6NCpX7ykrEOnw6vsyTK3exlRvqtKocEwzx2ZCvh1xg
I2h0f/zk9jIFWc56K/5pRrOZgi+k5kW0F1J0QjQCZEOE+dNzqHI0c5iaJWfdsFJ9
GGeb4lvRVbGvNtm8vBlFdThKOg1klks5J+M0x56Wvo7aP9W6rd/jVOrSIDPGCB69
IaviFx4qU2FbmyItn5Vl
=Yp6i
-----END PGP SIGNATURE-----