A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: security@billetweb.fr
Encryption: https://pgp.mit.edu/pks/lookup?op=vindex&search=0xF5620B4A8F74DDFE
Preferred-Languages: en,fr
-----BEGIN PGP SIGNATURE-----

iQJKBAEBCAA0FiEE5HNYFpGb36yG8Wwc9WILSo903f4FAmEw0vMWHHNlY3VyaXR5
QGJpbGxldHdlYi5mcgAKCRD1YgtKj3Td/lXlEACH4VOKbsz8HzUWHfl28kZFqESK
UBsI2/1w8CiUZNjPPY9vrUOyQ8YofLbo+qAm7F1WuGYIymYCvKGpDFKZyx2EUd3E
qhCu52/1kJGYVBW5LZ1x0WGy5MXh5p4cQm4GKFQjFnsUHH07LT0PiEPiMfHRbV04
XflsOGi5aH5u9NG8SEuaMoKA9aBDcmRCrYDKuCL8xk52vs0h6DV7PH6ibZHD1i74
Dwj8icPTcdawF0rf7JlJUCOI6Hel9inIqrHJYAYT7kQzkApSe0f9ceiOqxNtUSu2
ODlknEZW3e2QXwXm6DW8VNNo6FTLS7E1snoiJ2yfRzPl2xlzE2O6Yw+SfAtzF6zT
ByJf/Ud2x9VluCZwZUP+U3zZDOzrQodMZ2A7LJIqYrItt3boQf+tKKKSoWYEuETF
NOW9Z71awf/uEieYYHE0u0iBaDlngekxin8W1JOvnRNg85kMcHbKCfBQ7Ma70Uym
FaALOaBcBR81P92xrQxLZPYzbuWOP6Vgebder3yYpKi72HdZuZExRuy06zB3RzGB
ScWXV4ZVX/QbJKID4Ji9sHXpON/2N7P3s2gyGnxhFoMm9tPYv8wDCmdOXoLFgypO
1raLiYpBpg7uELD8l9mda0aFdjm12NM3QQbbo36hWYc2VPQ6+yN0hrDbjPlr9Xia
7r5jUePi2kaIyGn6Fw==
=CJ5A
-----END PGP SIGNATURE-----