A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:security@sohamroy.me
Encryption: openpgp4fpr:7F6A217EDE0E471E99964D5AF43D25535101A2C4
Encryption: https://keybase.io/sohamroy/key.asc
Acknowledgments: https://www.sohamroy.me/.well-known/acknowledgements.txt
Preferred-Languages: en
Canonical: https://www.sohamroy.me/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQRAxWAZXzwCFiASy+alVYqiPVYKigUCXrnqVwAKCRClVYqiPVYK
ikH/AP9oFN76WUyuYnNbdb66o2KIDNai1RghEl0MGYomiCrdNAEA/Wgpsz+LHN9j
Io1LiGcZ63gmQ/Wv4hTYss9iJXybrg0=
=9kTn
-----END PGP SIGNATURE-----