A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:info@andreas-falk.de
Contact: https://twitter.com/andifalk
Encryption: https://keybase.io/andifalk/pgp_keys.asc
Preferred-Languages: en,de
Canonical: https://andreas-falk.de/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----
Version: Keybase OpenPGP v2.1.13
Comment: https://keybase.io/crypto

wsFcBAABCgAGBQJed7CqAAoJENBf0iCTvVmy8LkQAIWXDPkBTgXHCs+sOZHeilXu
jWN1TAsxHjxCJCLx8ByNnhmf2vFaaVCWLtdqFM1OcEpayWsLJsva1B8yG5VULstp
dlUl/WgU4kKyGYqG4tuRRmkXr8HdEBaUd2ASeDpzOR/czZ1MDUsQegh0WmXtRRkE
pavEdjN73U3C6bGjQKNtbk8zC0OydkGSpmrsTHNKhJw/PFiXQPbRWgQd/HyflJrd
6xfDtnVOCshVS/nRjfXJvnMjwHZeiFXaaUcSa0TXDyI3heszphgqZO3WuciRZ9cN
OzYbU/DzHIPQVNFp7HC+j8vIQQ3W/0YqiJMtYgpOfmKkvuMZCHYfpwbOqYjLUpLm
OiIkH4CUdYwPbb6G3C6puAXeWnHzFNz47cnSEUdCAnzNUwkfQKqoF/6jBswPASGA
0nuFDT5g/TmmO4qbpVx9fwOrxKIRlwuyQe3d74NCoqw1GpaHov2n9nN4S0CG3ils
FmuSYJgkf74p+2XDmfbpU1+ySQlg+ye2aAnCeCIk5+ETCVeYJwA3aQ9n508okrq3
N/9U+0beRGVO2WZLfopqJTZpIp6LwKVqKGrNU39d1rL7XBBg3gmASrSoWd1zsYjt
1QueGsafEjWLVNrKb4nq3l5gzmbq/Twgctidryd7aQGeo+c6Xr/Yn5aWkGlrob4p
dSpBEIy6m6uozaU6gA9X
=/iRh
-----END PGP SIGNATURE-----