A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:security@ondrej.org
Encryption: https://ondrej.org/gpg.asc
Preferred-Languages: cs, en
Canonical: https://ondrej.org/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEPZg8UuuFmAxGpWCQNXMSVZ0eBksFAl49XqwACgkQNXMSVZ0e
Bku28g/9HrEWbnd0Rsk38+7JnxkKWAM1SMEwr8RX9zEqwGZfUvgihioaEHolxDlt
SKxv7IAYIrXxy24JMeL32LLRTCwv+SoFtFReOtZlO64pYnWfJVIMVxddM9YVHJc8
HVU6ysMY5INXgk3J+q9OqrxXncx6zd2FvE+XSGF00UkHLOULhDXnK6UYx8LT6Fxk
vLZAM0u9CYdc8PNxGeUdr7i5iLUoXXZpmSUQqgOpCKfkUa78sQa8sb8SB4XQoj6M
iSgZJcBTLMYmw2a/MLGSPx1EmDblSEvSeHJLpUrVGfxa9G9F+5YvLjjw1MngEIO4
+7NrHOrjvIE+Oo3RlnvBl54XOrZO6CztBIFypqqaYxW4rX7ba4090UEqVqfUw7No
1QNwSU178b6bcwqRVQJbPbS+BoTgrp5zPHeqLwMTmDizBvRBuOqJSmS3nAwlZbTy
aQMnt/AYyMYPPsMj9yqdsFFfBwPQRmyYN0uCW7bg9zrBJrwG1oMMuF3ecc9y/yfd
sCplneCPHgsfJOFntlOQ+W6mICW0GTVty1j7bM8S6Y2tpdZ+zhBOMJmxzaUWRId/
gcs8qWoh8BaurVh0QWqd7mjrkvoBAekxzpEBaDj8UTe3yFEdy4DdsBBEZoji8dYb
sjMNgN5NEz3N/2wrOxwcOjn0r9+Nq6b0wGSWK30oGo5MGfMkkVY=
=ooHu
-----END PGP SIGNATURE-----