A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

#
#           .d88888b.             
#         .8P"     "9bd888b.      
#        .8P     .d8P"   `"988.   
#     .8888   .d8P"    ,     98.  
#   .8P" 88   8"    .d98b.    88  
#  .8P   88   8 .d8P"   "98b. 88  
#  88    88   8P"  `"8b.    "98.  
#  88.   88   8       8"8b.    88 
#   88    "98.8       8   88   "88
#    `8b.    "98.,  .d8   88    88
#    88 "98b.   .d8P" 8   88   d8"
#    88    "98bP"    .8   88 .d8" 
#    "8b     `    .d8P"   8888"   
#     "88b.,   .d8P"     d8"      
#       "9888P98b.     .d8"       
#               "988888P"         
#
Contact: https://bugcrowd.com/openai
Acknowledgments: https://bugcrowd.com/openai/hall-of-fame
Policy: https://openai.com/policies/coordinated-vulnerability-disclosure-policy
Hiring: https://openai.com/careers/search?c=security
Canonical: https://openai.com/.well-known/security.txt
Encryption: https://cdn.openai.com/security/disclosure.asc.pub

# You may also email us directly.
Contact: mailto:disclosure@openai.com
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQQ5fYPd6Hi19rZDZ+kKj1HZ7OnINQUCZn11hQAKCRAKj1HZ7OnI
NRamAP9QAv9dOv/s+UuinoaOdGd05fb+MiY4G1QFzlCSje7OwwEA7AgB8X8K/gHG
KLX9WW6t+XUHh2h/n/Py1/2PHikdcws=
=+KGY
-----END PGP SIGNATURE-----