A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# Optimalprint - Gelato AS

# Please report any security vulnerabilities to us via the contact method(s) below:
Contact: responsible.disclosure@gelato.com
Encryption: ./.well-known/pgp_key.txt
Preferred-Languages: en

# For data privacy related issues, please contact us via the contact method(s) below:
Contact: privacy@gelato.com

# We're continually recruiting, so please visit the link below if you're interested in a career with the Gelato
Hiring: https://gelato.com/en-US/careers/