A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:ssi@smacl.fr
Contact: https://twitter.com/SmaclAssurances
Encryption: https://www.smacl.fr/.well-known/openpgpkey/ssismaclfr-pub.asc
Preferred-Languages: fr,en
Canonical: https://www.smacl.fr/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQJBBAEBCAArFiEEOf8XDwoopwiT9iATpPQPKxh51yQFAlxbDwoNHHNzaUBzbWFj
bC5mcgAKCRCk9A8rGHnXJCIMEADGHCPcn/J7jMDjUAGPe8Xizw9EQvfrA3kAUH5r
WSbTrz9BIcwqy73KP6ikurdvXdPvbNuvB4eZL8TrCDdbU00XHeLVGmkdtCEWWXi+
nY7ONPgh30uXDYYPNs1vUB9MeVJxiQrbp3QHU5PD03CuAxCEt7H4fq/dWQZ8mYo/
Szc4MhZW3EEl6L8bwM67le2evzLbGvpQ7DDPnOm1VooDJvGU8Aumo+yFkkoEULq2
NvxJldmUicSiG74/50fREN4GMoKntL+2O5r2VU3tvmBwCKCXsdyojQuGadCdipGL
3rSG3FHGND6JNhr9QsobueD9KlSWVGZ9A0X5LH91mWRy2RDg4DAam096ZU9ovLao
XgBZb9fFJwTYCPzEEx4LG1ysTXXEVk2itxGO8hA02IBtfaITnyNoJuYW/MQJzZzm
wvzjbjKkvgCqJ2FADEqy/1Hq7qPFlfzvlKvsIax7/3+MWzPOaLdsn4x63Kl5pN34
XpuTHt9CM6nSjrXu7zGhJc0rAd1Ggmsxs6phcxqB/0RjOPVHuw3ZOcwR/7BUmxVg
kk08eGDmJxG/VvMnS8O41d3CznpdJhvOi/UHoAwBrqacqlLKJFXtcK+KAyKsJ+n8
doi+fgfvW15D6pLUt/Igm95epkvYU70kNKkMfhTXWEB1+cZzhhVAlCtGqsLS03Wq
ssQW9Q==
=CNbh
-----END PGP SIGNATURE-----