A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Canonical URI
Canonical: https://eurocontrol.int/.well-known/security.txt
Canonical: https://www.eurocontrol.int/.well-known/security.txt

# Our security address
Contact: mailto:security@eurocontrol.int

# Our preferred languages
Preferred-Languages: en, fr

# Our encryption key
Encryption: https://eurocontrol.int/pgp-key.txt

# Our relevant guidelines and policies
Policy: https://eurocontrol.int/disclosure-policy.txt

Expires: 2025-03-01T11:00:00.000Z

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEOnbwC2N4905vizz9X9yv1oGr090FAmVzKmIACgkQX9yv1oGr
093O/A/+LIMVvGY6kTy0WK+jXNKJyFmQGLgwYnX1sJuBKsVdF2Z7CBS9bx893MyO
ZXii5NEFzKHQoa9nsP80YhrKUjaLewLrJ4Rpq+w/NO/AFG3Cmn0IHZADDOw59Gki
W40P+aB7NytQ6vWydagjfBOcFirnbumh5AZmP0MQldOCLloWFxBNMSr3JLtB1HV+
s4/AXDfnqgKzw4Dxr4S4ABxNfib1tRuf2ih2Nnb/mfZvBsB8sle3TsnD7ZI1AwgH
D0ZLw9oY4JCpHYzgud3UI/GzHLTlQT89CPnbjeMQX28xZBcv1eu8aIm5Y48iNQMK
5Pghp4dA/gAQB4c8fKFC/tY+MIxoCMeK/vPnMEpJgTFTcTVbE47PFiscjt+/0085
PWS/f95Xy6OAHyqBBhZ7m3L1Hum1luDDQ5v+9l7rtW3fa2v0l/Sq/yk7kkVnbUIY
0bP+CdfoFXlqB4rOzC6LndiZvGODSOL9pclhLW8n6YAGaZ+mI7kpLPasVZDpnvAy
zoNe1MOnoYEQsFyQzFgXlmoxMF8CTEfHLdeeImsqQrTgUXHD4urJ8rxlHg1haN0l
uK6MwdS6+Ug5UQLFb28y1Aquq35WazPBWb9PzrPXd1f2WPhHKDpCtrZjGYwl8C4b
9rqqWYusHRl1VQHEglfUM75w3QKsX9rMHnokzv0eDO7emNSVAtk=
=okyZ
-----END PGP SIGNATURE-----