A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# security.txt www.segor.de
# ##################
## https://securitytxt.io/
## 
##Contact: mailto:webmaster@logistik.segor.de
##Contact: tel:+49-30--
##Contact: https://www.segor.de/security-contact.html
Contact: https://www.segor.de/webmaster/
## This directive allows you to add your key for encrypted communication.
## You MUST NOT directly add your key. The value MUST be a link to a page which contains your key. 
## Keys SHOULD be loaded over HTTPS.
##Encryption: https://segor.de/pgp-key.txt

##Signature: https://example.com/.well-known/security.txt.sig
## With the Policy directive, you can link to where your security policy and/or disclosure policy is located. 
## This can help security researchers understand what you are looking for and how to report security vulnerabilities
##
##Policy: https://example.com/security-policy.html

## This directive allows you to link to a page where security researchers are recognized for their reports.
## The page should list individuals or companies that disclosed security vulnerabilities and worked with you to remediate the issue.
## Acknowledgments: https://example.com/hall-of-fame.html