A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# security.txt file for Stéphane Bortzmeyer's Web site.

Canonical: https://www.bortzmeyer.org/.well-known/security.txt

Contact: mailto:stephane%2Bsecurity@bortzmeyer.org

Encryption: https://www.bortzmeyer.org/files/pgp-key.asc

Preferred-Languages: fr,en

Expires: 2030-01-01T00:00:00Z

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEx2DK/GOHsOiIbII7P6g2yZakolQFAmESxe0ACgkQP6g2yZak
olSn/A//Z+1EhghdyJUGZgTXsjQifl2lswLJPwkWRjXYpfngOyHwcGEKZubeJSyO
GXmBPiOaRhUL5pmRqGX8/zMaq0Z7tyHjW8CXVEj+g8EKXZhD37zh7pRGZeI1spmc
sdnMIm9cqmMSyOLr2jYF9PyRBbVXSAIlloCjLmvjarxwpSQuDwTAggnWRVrnKxq6
CCLUki2UIJdesV2BxX97dI81j7VWf3Fg5vpwELF1Ebv2nOlDRPcTVLX0aWIUiBzU
X/Md9mF+svCR2nNIzJs9s+9Z2cgZgShjh8hc/SK9yAZnYlU+cQcfEIqlQUAliZhc
LjYqKv0IJ6pRJwl0NlEBpOF5LKjAS8R28VV7d25UNO1n7NcMlSxY11GScIzxDqT0
UtcN1zRhYk3RN4ILlfEyg9yKYhUwEG603NJmS1wwd6UEjVO1B1zO4EITXJmmqmGo
w7vajBoFQ0w+3WglEHQexmolOMV1HgJGJ/iyxo9pWBaRZ/wkaskmX5YDNtsByCUS
o5Nk7bzRx+nv7apDRBxLrlVRjp84MPQrLB6gxYuKptgcYh8kmmFqykUgfrWAuDqM
Yz6gwRUwP0KdJXzLj/OxDwkPuJNmuwAxFUqc2/qXMTSNezvWAHNCpuXcGm6mG8SD
ROHavzd/3IMqkCZpHod6kCyRWm5KXlI047PhK+qzscE5C3jw7/w=
=32+j
-----END PGP SIGNATURE-----