A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# How to report security vulnerabilities to Stad Aalst



# Report security vulnerabilities to this address. Please read our responsible disclosure policy

# before researching and before reporting any security vulnerability.

Contact: mailto:infosec@aalst.be



# Please encrypt your message if it contains sensitive information

Encryption: https://www.aalst.be/.well-known/infosec_at_aalst.be_pgp_pubkey.txt



# Disclosure policy. Please read before researching and/or submitting.

Policy: https://www.aalst.be/infofiche/responsible-disclosure



# We recognize security researchers for their reports. With their permission, they will be listed

# on this page. We do not offer a bug bounty at this time, but honorable mention will be awarded 

# based on the severity, impact, complexity and the awesomeness of the vulnerability reported and it is at our discretion

Acknowledgements: https://www.aalst.be/infofiche/responsible-disclosure



# See https://securitytxt.org/ for the specification of the security.txt file format.