A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:contact@cert.total
Expires: 2025-01-01T00:00:00.000Z
Encryption: https://totalenergies.com/cert
Preferred-Languages: fr, en
Canonical: https://totalenergies.com/.well-known/security.txt
Policy: https://totalenergies.com/cert
Hiring: https://www.careers.total.com
-----BEGIN PGP SIGNATURE-----

iQJHBAEBCgAxFiEELC1a63jHPhyV60KPsvWy9dDkrigFAmDB1moTHGNvbnRhY3RA
Y2VydC50b3RhbAAKCRCy9bL10OSuKLntD/91oV+hblwXpcaXPrvaFS9PeZRdz0IT
P2yd37B6SpusmljdSSodtVmcjEjXQwWkYpf+Ql1xMB4BobrnGD+ruQqS/hTOnduT
tACwWIoFCbbmtiBXlyxc9pmXgc6Mga7M6vsluC7zrz6Qp1xNtCz6iyUEzc9FB2Fg
krWqpigiHMaS4jusZKozRcpjC7QHp2h8TKrfM75iRW6I5xQZrhOTaN8aVlXzcQae
nsj6YEFBdD7YxM+A9bBOvldVqxUX8bM96jPp8MKnoBoutKZznoIrkF8zvv5dazhy
Ot2S6IuaWrsOeIzRy1rVM0CXyOMRaWKIGGOm9zb2hTJb7P3sAcEiB2unZ5mEerlz
FXae3GIqI1W5eAm2wK/zwxZNVRbjMbe76X1L3CtvxS7aR68m+djmWZbosBj28dK0
3BUieH8H/RxpTjFDgjFu/VMSBjnI37NFDFzTdA1y/J8qdNeyxD3Y25U1KpHBi5BA
cr8uJbWnfO/Wg5SKvizLqbTqynTHrIwdu55mqd2qW2ojpfjkxe7Iz/siGnKCGIdh
0pvUB9EAlt22jvNxKWsn7fmZlY/fI8xsrbHbzNLkXlYjJPVzB97YCwcGSqunsJtg
Xy4FZtgWI59/YhrK8GTjKg3+GN83WFDHmuVNZ3CpnmxQEPVcVXejPqIBBblWlFTU
gqJtlhFu8gxhXQ==
=stfE
-----END PGP SIGNATURE-----