A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# If you would like to report a security issue
# you may report it to us.

Contact: mailto:security@tropare.com
Encryption: https://www.tropare.com/keys
Encryption: https://keybase.io/tropare
Preferred-Languages: en
Canonical: https://www.tropare.com/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEu2alaqEKNVemnLJHzTy7jfaXo0AFAl332GgACgkQzTy7jfaX
o0ArqA/+L/XlLljin7Wt0fpdr+MGEcmIg2u10W+XiIXxw31UtUyMzhEssnDrVFiQ
M3vC3964+t8HGblWAM/Q7QqsjJAYGQUmrNPukLzSm3YN3JwFpAIj3YBJhBx3j2O0
xZrOmdjEv2JUG8wtWI4W62DmkCkz83DpEk5UDLWJwulrc5Jey4vhQ0U28MhuUuYy
3Rt1ClzxIWP2xTjDW3vmjrVn/EAyYN1rpZXr0TZRab5R8YEQL9ntj1B+S6uL5deW
y9/a1RP8DaPtWWieoOuvoPVTnFNILrovUDVCP4je/DerlQGo1OT8uEtJo+Lb0mkq
5lTYBs+7Ag03fcHAmFtDnTflwg6f/SLbPVmzVHnZp8HBPBjfIMZgP9w6KrMqvg5x
5hqTlctozJU0huatHKUJVxkTsSQU5a5FoD1gQ0q9G+/UlWsnN0PcMepwNG9LAdfJ
LVeRk5ZkxG0Wvu8GKa3WXIon0FWE/+2ds4kQaJZe8tivoYKCspIOj/1m3U0Y6Er5
LjPVD4lhoRKpgX2z8Yh2Y0D5oceR2VjyRYZsx5KcU+i/kjJyVKJMIcYX5AGdxl0A
lYvDEr2ueDGkQnfMbi/gqeWoV/PprNQAdpQyAO+/YXUk3mJ48px5AQFvwDOeIfZo
yCCgSy0ze0TKb4T00r0Po7oZaCwEHP/S1+OwaAs5V9bqF1Wg+FI=
=n5BO
-----END PGP SIGNATURE-----