A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# created with https://securitytxt.org/
#
Contact: mailto:security@dcso.de
Contact: mailto:blueteam@dcso.de
Expires: 2026-01-31T22:59:00.000Z
Encryption: https://keys.openpgp.org/vks/v1/by-fingerprint/5C6B6CACCAD86F4A5652ED1E154D1D0B5372D681
Preferred-Languages: en,de
Canonical: https://www.dcso.de/.well-known/security.txt
# Policy not yet published
# Policy: https://www.dcso.de/responsible-disclosure
-----BEGIN PGP SIGNATURE-----

iQJFBAEBCAAvFiEEysdkY0tcHFyvh0nGc6ccXJoX4k8FAmaLxcwRHGJsdWV0ZWFt
QGRjc28uZGUACgkQc6ccXJoX4k84bxAA2V+hS0OxaJwYt/i+ZoNEx4IUDONYRGZj
KhW0tgBRmbVZD37eP5TSlFJHT1H1q06XEfIn0FLIvm6oXhcQAhtUb7zlZR/Dity6
7P9+q96uJuaQ+0M8LTQobS/Z0mosMIQ/7bDjwUceHrMsAObt5eZa8lQGvpKfxAFM
BJCBwjUgrXNvYwkMZlf7zw/VTe+1KyGnqns3iLPJ9NfsrJ+a63o2+c2YWJONEk+9
nLEGiynZ8hL/s2wkpf0ED7v4mNhd9H7cGECURGHvOZ5v3Pv0Y8ht3PCJyNKjU3CH
LFhOm4NbBSzjADFd3FJZFcLo8ktkX/6LzkBXOfIPdl0FxwmiHUHNLHWXJZvDPSrH
TsOStW9WqeIdok4MvtZDRJI+ecEB8B4q3XHFn1Z6K/HA+osc4zgacNf0VmOTG28x
XF3TRI9xiCIsSq5Z+FbgfNd5lqNRCA+FBO0qnVtB9PgVMtOSsA6HF7RCMBv1H1OE
cHmTUZp6by4b4p4VrKuq3ywybArhGwc20ENg9mazc6A3bFoessPIByvygOT38iGJ
DH57DEZgZk6kMpEb97SafzTR0CZ1ya0ftOd6Dv+gJwyLryAZ/xwEt0YqKHbeceKy
ZEtRbfc+8G9Kr4lxH6kob83LqmP6YzX6PTN3ZtYvSm056riIDDtOHdyjIr6crPpT
/TCslwYY7ks=
=d8UK
-----END PGP SIGNATURE-----