A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:dyn+securitytxt@dahlberg.cologne
Encryption: https://keybase.io/daviddahlberg/pgp_keys.asc
Preferred-Languages: ksh, de, en
Canonical: https://dahlberg.cologne/.well-known/security.txt

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJdP7K9AAoJEBpmwIVmdDI1j8kP/0GywmWYAK+ZHIW9GaMdACdR
J40/6T5bU5vz925pxb9G+Rlhy5onQSbFHJMQjsVqJ7ugxkV+7nP9xHWUtaD97hN9
Q9AI9hA7sWAUXvlUwJVrHMduKKjiIE7Jn2zk4Ghzm4R3nwD/khhKLiaZ3HOL3ifw
I3ScIgc7/4grNmSt7J0luLR3I5D+AQwXs5DQIGkcPzqi0F+90huM+fwQAVmtw/RO
MAJAvS/GxpynrDMLwY8tqvfNpAAKo5+spCxo7RQFNrseP/C8JYnrGI3DxIUEI0s7
GnO3SFAMV+1eHmn4Zush0d9Mes26BuyTtMmWY+rodcxec6de/521Nf898xrKYlu0
hpN85jYTUi1e0w4eVfitRbaML2JzAdEGhdlEal9KvJSdUbsEukpSl90pM4ZU9cxC
3AaKo7Ve+4JfFkINJOTPbvajABrDlpsPvn1HgGPMmAJSN42+oFj1cYDaxQXGwBzO
+PEF7vKCzCi+/9kx1uHUneAiboZvAokaqztXx0l78rIbKA6Mpy39cqEkLExzwPkD
+dgblb28MHru+84P+PebZwZrVRDSA03SpdfiHcYD1hLGEWLZ8vrom5F8F997b67s
TkYFILV3N4W3Ed4PaGDVjn4eQDl8Q61s+djSTiGkpu7IUvSXS/76bfa6J055yX7L
rS4TbNhY8xY4z86K57PN
=pLkN
-----END PGP SIGNATURE-----