A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# If you have found a security issue on this website, please report it to the following address
Contact: mailto:security@skule.ca

# If you would like to encrypt the email you send us, please encrypt the email body with the contacts'
# respective key and place the encrypted data encoded in base 64, along with the encrpytion parameters as plain
# text in the body of an email. Please do not send us fully encrypted emails.
#
# These keys were also used to create the detached signature which may be found in the same directory as this
# file, with the name "security.txt.sig".
# (Not yet available) Encryption: https://skule.ca/.well-known/keys/webmaster.txt
Encryption: https://skule.ca/.well-known/keys/sysadmin.txt

# If you report a unique vulnerability, you will be featured here
Acknowledgments: https://skule.ca/.well-known/security-hall-of-fame.txt

## Please review our security policy before attempting any tests
#Policy: https://skule.ca/security-policy

Preferred-Languages: en,fr
Canonical: https://skule.ca/.well-known/security.txt
Expires: 2022-04-30T23:59:59.999Z