A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:security@notos.co
Encryption: https://keybase.io/renchap/pgp_keys.asc
Preferred-Languages: fr, en
Canonical: https://www.notos.co/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEO/ZQE2eB/w67vSFovPyFnUm0aZAFAl8F/TcACgkQvPyFnUm0
aZCF5BAAq8B9h/9An2PP3B22TGPcZ3mRyh0OvqeJ0MG+TuMtjiQsOJzXhJSBXhNB
biCcC4ZfExIocVCZ2Ww+54ADrMPKiEHqgULv6mjdGRjxXAM0AH/W4d1mQTu+qTIj
u/pSUCW2dUEuI1JwX+IAlCrAjvPj4lOATyEPy/AUtjakPYGgqMsupepOmBBJNVjj
nPQb/aeCB/lth+3KGUI62FvAIX9NfyAR6v3qcqpoyMkq0kmZvfUgz3qJFPEE7iuj
gHeaM59pbkwaIFg9ZYUkp/xofPSMpYPdB02LO5+JVrkRxSM0edKBW1h9JwlzAhvf
BsOfnxSLusdst+FCLMNdVoni0x6i9mKL+I3xSfTpk6kKvyEpbY2LBlk0GrVAbT7K
XlXmoWYFD5QXZlDItNOTkUG77aZdBLfHIqzn9kobgDi2fLTlBXkkdIoKx0iA3v58
m5bxZyewUyony2Sq6C/AX3PFWXzsvkAUMZQpCfZmlyANsLXUhApcbdCXguod/eli
qlrJ+tmw5LD+QKe/zeHI3zrfpOQ+2UTGWZ7BQCQ3PeKW7yJmjfebDZhS9swuUBVX
iba5Y0bzurjy4gxP29fSlbqqqQfz4EaD6+xW1Xy7Pr8bl18J7XRH69g9Cfal2wGW
/Vn76LREQOZo/MPDA9o3Ls09Z5cf2wsbj7v86+zjqzZTholGZzg=
=aBep
-----END PGP SIGNATURE-----