A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# Our Security Policy
Policy: https://www.odoo.com/security-report

# Our main contact email
Contact: security@odoo.com

# Our GPG key
Encryption: https://download.odoo.com/files/odoo_security.asc
Encryption: https://pgp.mit.edu/pks/lookup?op=vindex&search=0x0B9EA35A8E877D2F

# Our Security Hall of Fame
Acknowledgments: https://www.odoo.com/security-report#hof

# Preferred languages for reports
Preferred-Languages: en,fr

# Reference URL for this file
Canonical: https://www.odoo.com/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEkIPeRlSnjePPrdiAC56jWo6HfS8FAl8qZ1MACgkQC56jWo6H
fS+sfg//Q1EEVt5hVEt0FC1yz2SzN1bEGagQQ7RC3xV8LWyZokUbRMJ50mKmga2v
p52A/7fxRqbq92KUZt1p2u6bnub5cW7Xkc+reQGfdid56i8WN1gGqzUwdcPpYb+i
G4uyv8ZG+pregCMxloFnAni8DOqQPnLX+cHgZpKaMHC+jrK+TS7+xdv2vf8DEsmr
HDNlMIBqJMSTtNf65V5nMjYxHGxFkuT9UZPIdL4zop01Ky0xyWhGRhotmU9OUVBs
/NGMAL7YE+sNesXAwx4osJovR3WNulq/J+K8xjDRVDnpKhZLVYTuhBrkSRwTlUz2
tBKJjTCeRJw/cztmYh6Wbu/u9UNNgDVn/UhlMfPC7dOnN7dcc8R3+Y5wgLm7TzK3
ozT5UnTjRqV+dmfj58+VWU2O7X+gnkdrXCPJMvrtQ6Z32OyK9CESefX85E8yCnTi
+pzhX1otr/dXxKUz6RqHFEFLyCj/OZpbRWE4xon/ZfOBvamiHsvYAOJEPEOr56Wa
1amywf2KobA5Qj0mY+31+kmk5obnahRezRFCz3si+cLwfxrNn3rzke0quY+YevAM
ZmZgZ+K00lXs1a/sJVS1XSaRRwNrchwHL8xM9IqXs1MLtzEnOWWVgeO/qwCMCGKY
2GxAtGPG65znjw16ahsCTuH0zr/00LTb9mPBEoKwkBLdcb/i6SE=
=VYNv
-----END PGP SIGNATURE-----