A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

#######################################################
# If you would like to report a security issue
# you may report it to us on Gitlab.
#######################################################
Contact: https://www.vertigo-montpellier.fr/
Preferred-Languages: fr,en

#######################################################
# security.txt is currently an Internet draft
# that has been submitted for RFC review.
#   https://securitytxt.org/
#   https://github.com/securitytxt/security-txt
#   https://tools.ietf.org/html/draft-foudil-securitytxt
######################################################