A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:sebastian@phpunit.de
Expires: 2024-12-31T22:59:00.000Z
Encryption: https://sebastian-bergmann.de/gpg.asc
Preferred-Languages: en, de
Canonical: https://phpunit.de/.well-known/security.txt
Policy: https://github.com/sebastianbergmann/phpunit-website/blob/main/SECURITY.md

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE2EBtDYKUd0cpN3gxSqOUCGNywgoFAmWREcQACgkQSqOUCGNy
wgo12Q/9GzSyQELKf3zWhJDdC1UnhrESFOGGl+Xr+X8mVWAiGQaCKgXTEGtfFLRy
9zrkgzHp9lAYPlulKs5A0+EXIrnoulGnJmhcDw9ENKcd7Wl9YgbOj7U1AabVVjxn
cgAmsL55Ls1SOu2bCIKajvmsjsL0jTpIb07Ic4mFfhJCY+GQSEKxoQhF63j/9DjR
ysXYTjxEQqOoJeCKmHDUyuX6Yzbt9krhXMni4MvlxH8DfZFb5TJkU1ZGLgYsY5T4
M483KZEpXDsvuBIfF07dd806TUXmVlkflTyIEkc+cBm4PJDyU92MwD4ZwY/9tm2a
pFaXWlxLtYa148BEH3fNFfrpggIRB6YBjAb2rDT/E69nGIbUl8u0LKQDQJbqwRRF
2LfUStwfZQghDQn7H1vz2qRkIfMTkJ/WjsCsbZ9uNqJCMTyDEyLPcNN1mG9dEfEO
OxfZsmjNxfoozUr3ipxYnLk5HsbacIF1MmpFSYssvm7bdQEnycLYVfUvyFOVpy1D
62Dd2IXMyUGhMVoADpQSiZLq/z+vCrsMn7VmvKEmTOkfBEzkSYTi/M3fsCRtMHNx
MxwtwEanLKl0miSGgrmz4bdqaaCuFUzwfmmCJ9YhX+iJOt0IXMjM9d5vVsnUOtpo
RFUAYIOyNhcefmHv+zUaFKEanAc9Sz0Q8GT2czufvdH/T8v2x2A=
=mYQm
-----END PGP SIGNATURE-----