A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:ben@lubar.me
Encryption: https://ben.lubar.me/gpg-pub.asc
Preferred-Languages: en, jbo
Canonical: https://ben.lubar.me/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEw/Q8YRUAe1Qc8plmkpOWd6tZ7aQFAl6SjyUACgkQkpOWd6tZ
7aTYpQ//ToPWwpyH2UXPEkgoKpuxZ61TIMtb3r0d4fdKq/3ZXWpNhLCEbidGw2Wb
3H+n0y9KOXtLKCEaqreEPY9BG+aj5qNkt7Au1wtYszHOodxb5jvTVC4OdyFW9lZU
GZERbRsK420zukOqIibkrrm8ox0TrCxSMCmp24T9Dsia4uH1bHb/7aM/qDiHb3Kt
miTKZytNRC1ypOTccyz2svWf9E5IfcCXPIg6V+Jf9ScL2HN5NV1pQtik4EAyotGm
2c7SFl2/6h0HQ2tWzc0xLH35OHtY02FcZ3StQ8RyK4ckeDtqkjSE11QX3m+fYZJp
OgYE72ogr/KZMct39p22WauBxjQUGHzJBCr1FxvASrT0w1G4fzedekWHmNStF1T9
hazLqLmrE7BQNNRn2N0yM7u6EnKEIzMpj+W81IjzhOQYzi5SrG6KrPsOomIa6tRx
Y3XdqoinoW6BlrJQWId/0Sss9dHZFSlFtbdjW7j+h497Oemins+hDqHXKIWlYxfu
7EH5i1aU5WeOzbsc8bT/3sVerqjG3MeInzXQdFiA652Vtcj/IbWrxTrT/Z48/Ucq
Js6voEGVWsECwuxWRr87KhQpGYG1Sh+DohPoAq7IEag2cFXoSBTO122rYnvzQsoZ
a7IgHUfUCJojzFug42sGcFnOH3zjtjXLqJi6JSE4JmZgiW45kcE=
=+FNh
-----END PGP SIGNATURE-----