A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:security@intevation.de
Contact: tel:+49-541-335083-0
Expires: 2025-03-28T00:00:00Z
Encryption: https://intevation.de/.well-known/openpgpkey/hu/t5s8ztdbon8yzntexy6oz5y48etqsnbb
Encryption: openpgp4fpr:804FED63730227FF2FB6D9712EA2477380F3EDCB
Preferred-Languages: de, en
Canonical: https://intevation.de/.well-known/security.txt
Canonical: https://intevation.net/.well-known/security.txt
CSAF: https://intevation.de/.well-known/csaf/provider-metadata.json

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEgE/tY3MCJ/8vttlxLqJHc4Dz7csFAmYqC5AACgkQLqJHc4Dz
7cvYVBAAxiZbksqEyd+H/s/tnJKQrhDuF+6zh8ZFYU+l4WzZMxlBFJ3KazqnTjNP
QAsN1XPV1RRbFt0kHatQ067infGlT/rnYbKlv735HgNghPg0VVDSNDVPrh+yUx0H
Tm0movUr9n5C4pS880WE2lYibEytfWwvaAXgqRxW5wAQ09Wt/GBYJDsjyBwLj/eG
nLGnFXBpeQN0wB67cHLwDXS0pa7FaKVosuygwcKdbb9cIUNBc07SrbQ4UdBrosSs
WUYmzUc2oT5Le04WEezDF/TczELpkTvrVk3PpM8uptvEtj3eOZOXGtwRIIaC4DkQ
k50fKYcXQXEKJzD4DLgyTOMa+AVqRIzo4d+8tWc8gOgvHh3bkEsXpFGoRnh+UpUp
hrcVnYavGgDTQDPupzVAgiDs24qBOYQakia3M1P9h5eUF1TaITrXdnnJVdyc5OKF
JyztFgB8kR6Z8YYgn3F0n2DowaWgADJZUhiGhoI4bpJhrodaFI7GmQkofeKsxYSu
30eggsTCF64vstcHX/+4E1Y0xIaOzSiA5LaFlM7L+ATFn7WzASDOhL6dzD2x+L+6
J4/XYvUUcQEUrIRJZNq9geRvNhSnVhTYkT6+WvXfsDNxCFTb/yRo8Dk7uxneI1bV
aLY9Us2UlLvBDPqmSgKRtMPmQFqzq+C1rZW2x1imdJi8ntgQ1fo=
=7yY/
-----END PGP SIGNATURE-----