A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# Volt Europa RFC 9116 security.txt
#
# PLEASE BE ADVISED:
# Do *not* use this security.txt unmodified on your own website!
# We will report GDPR violations to European courts swiftly!
# 
# If you would like to report a security issue please heed / read the following:
Policy: https://en.wikipedia.org/wiki/Coordinated_vulnerability_disclosure
# How to disclose a vulnerability:
#
# Please mail details to:
Contact: mailto:navia.caspar@volteuropa.org

# Use the following GPG key to encrypt communications
# This is MANDATORY for zero-days and other critical vulnerabilities, as E-mail is NOT encrypted.
# For breaches and vulnerabilities regarding persons data, encrypt the report!
# Do not reporting personal data related breaches without it, as we will consult the GDPR otherwise.
Encryption: https://volt.link/Navia.gpg

# This timestamp in ISO 8601 - Will be periodically updated whenever needed.
Expires: 2026-01-01T00:00:00.000Z

# The link that is hosting the security.txt file.
Canonical: https://futuremadein.eu/.well-known/security.txt

# 1.    Include as much information about the vulnerability as possible,
#       that will help us to reproduce the problem to have a better understanding of it
#       and fix it properly.
#
# 2.    Please include your contact-info, so we might get in contact with you,
#       if we need further information.
#
# 3.    Very important! 
#       Don't tell anyone what you found.
#       Destroy any data in your possession you've stumbled upon.
#       Don't delve deeper into our systems, than necessary to prove that there is a problem.
#       Do not (!) abuse a vulnerability you've discovered. Or we will contact law enforcement.
#
# 4.    If you want to create a write up or publication on the vulnerability you've disclosed to us,
#       see 2. and tell us about it and give us the chance to review it before publication.
#       This is primarily to ensure no sensitive data is included in it, that may pose a risk.
#       We promise we will not use it to "censor" your vulnerability report, as we understand,
#       that you may want to publish a report for transparency reasons, but transparency may
#       under no circumstances lead to persons being compromised, as we deal with potentially
#       vulnerable minority groups in and outside of the party, as such we have to require review.
#       Furthermore, we shall use reviewing in order to assess GDPR compliance.
#
# 5.    We can offer you a swift and proper response in the following languages:
Preferred-Languages: en

# =********-                  +*******+.                       --===++*  .--==++*-          
# .+********.                -********:                        ********  -*******-          
#  :********+               .********-                         ********  -*******-          
#   -********-              +*******+.                         ********  -*******-          
#    +********.            -********.    .:-------:.           ********  -*******+-------   
#    .********+.          .********-  :=+***********+=:.       ********  -**************=   
#     :********=         .+*******=  =******************-.     ********  -**************=   
#      -********:        =*******+. :********************+:    ********  -*******+======-   
#       =********.      :********. .******=-:....:=********-   ********  -*******-          
#       .+*******+     .********: .+****=.         .=*******.  ********  -*******-          
#        .********-    +*******-  =****+             =******=  ********  -*******-          
#         :********:  =*******=  =*****-             :******+  ********  -*******-          
#          -*******+.:*******+. :******=             =******=  ********  -*******-          
#           =*******+*******+.  :*******=.          -*******:  ********  -*******=          
#            +**************.    =*******+-:.    .-+*******-   ********  :********:         
#            .+************:      -**********+++**********-    ********   +********+====++*.
#             .+**********-        .=*******************=.     ********   .+***************-
#              .+********-           .-+*************+-.       ********     -+*************+
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQS51F2AMPI7m/tXeAWBabele7O7kgUCZ+CVKwAKCRCBabele7O7
kqs5AP9Vv0of6kE6D+4cYpB7bFJks3noEu7p8poV7WdKriDuIAEA/YaHNrIuXnCb
nLWkXrSbbxhMFmjdC834+0wYusDiIg0=
=s/Ic
-----END PGP SIGNATURE-----