A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:security@lutte-ouvriere.org
Expires: 2025-12-31T23:59:00.000Z
Encryption: https://lutte-ouvriere.org/.well-known/pgp-key.txt
Preferred-Languages: fr, en
Canonical: https://lutte-ouvriere.org/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQRiLWafm9havpvVerLWhTmrNUCetgUCZ3UsFQAKCRDWhTmrNUCe
tl//AP0WW1k5dqNQCae0+eIfmvRoqPCaTKzc0Kb2HSKFAiOnxQD9EPAdZnCKLp6i
8AHolu0VVX0sY9X9ksrrFJ2aEi0qEwk=
=aC9I
-----END PGP SIGNATURE-----