A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# security.txt file (RFC 9116) for Stéphane Bortzmeyer's Web site.

Canonical: https://www.bortzmeyer.org/.well-known/security.txt

Contact: mailto:stephane%2Bsecurity@bortzmeyer.org

Encryption: https://www.bortzmeyer.org/files/pgp-key.asc

Preferred-Languages: fr,en

Expires: 2030-01-01T00:00:00Z


-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEx2DK/GOHsOiIbII7P6g2yZakolQFAmJroy0ACgkQP6g2yZak
olROsA/+KNa8jOZZMn78bDqBoDNN34bOGbkpzITIX4K4TOpxi8+5HRGdOf/C7gEE
7aWZo7YzaGEzitAxkfFltRc3F9w/bIIoFtngDXRm3lPzYhpF+cMzf2DE5MKZZLiG
WBWagA5DQLY+/ALa0gLthimH3KnBQrQ7Fn0iwjYD1c0zoQ8boptJpvhZpQvD2ZBC
wLkwYx1b0kI0wkHlYw7bnJEYDkG93j+erU6JPKQVXyvIoCgfXh+Unl74zdZItmSV
ttt8VE7GPgkz6NJ79+2PIdRdS5wVQgR8TcqzVuqrNzcGZU20YzCSzzEO+edGKPX2
PduUgcduHMh/m2i4kgI0SXkUKVEkTLSCy2KkIdmXuV34X7A8bzACx2UsLa8MTHSH
hxobJnBoC7mXXYq9DKYqJJOsEqmWmU6tmwuyiNso9XqU5vh3lRWMg40Umxw9d5gB
e3ujH3xXaB6qWZx0e0ZLXaLcSP4rctc5S3ZtC/BDrEiaRSUmDzDEBXNtsqM/YVTW
KnixFeys/brJGJ0sRN5Cp9VoL8pw9omOWTfb6qJs1IVK/5qHeqHwn9YlWokczrJp
amjCDQatdSg+q91bzGqW49d2dZdKJvqLKE+5xkyQqIdJ/K4RLAYBBvFyhxPOTIrw
y29q7LWqfDgtFyQdMutC7owe5lrK04yhq4ALhz/V68/CTL20ZI8=
=3TeB
-----END PGP SIGNATURE-----