A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# This file provides security vulnerability reporting information for the AlmaLinux OS project.
# Please follow the criteria below to ensure your report reaches the correct team.
Preferred-Languages: en

# Use this contact for vulnerabilities that require coordinated disclosure, no matter in which part of the project they are found. 
Contact: security@almalinux.org

# Use this contact if the issue is directly related to the AlmaLinux operating system itself but does not require coordinated disclosure.
Contact: https://bugs.almalinux.org

# For any other flaws, please report them in the repository that is associated with the part of the project in question.

# Before submitting a report, please read our vulnerability disclosure policy.
# This will help you understand the process and ensure your report is handled appropriately.
Policy: https://almalinux.org/p/vulnerability-disclosure-policy/


Encryption: https://almalinux.org/files/security-pgp-key.txt
Expires: 2025-05-03T12:00:00.000Z


# Important: Do not send sensitive data or vulnerability reports publicly.