A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
# In the event that you have discovered a technical vulnerability in an IT system of De Vinci Higher Education or De Vinci Executive Education, 
# we encourage you to report it to the DE VINCI HIGHER EDUCATION - IT Department using our Vulnerability Disclosure program.
# We forward your request to the appropriate unit. 
Canonical: https://startup.devinci.fr/.well-known/security.txt
Canonical: https://www.devinci.fr/.well-known/security.txt
Expires: 2026-01-30T15:28:00+01:00
Contact: mailto:sec@devinci.fr
Contact: tel:+33181002999
Encryption: https://www.devinci.fr/.well-known/public_key.asc
# We can offer you a swift and proper response in the following languages:
Preferred-Languages: fr, en
------END PGP SIGNED MESSAGE------

-----BEGIN PGP SIGNATURE-----

iQHDBAABCgAtFiEE/94BPJm6p3mXCgNUMKpYog+BZQYFAmXEnZgPHHNlY0BkZXZp
bmNpLmZyAAoJEDCqWKIPgWUGuYIL/0qQSm5cYiKsVuACdN/38AAPY4Ofww0y7D1l
e0EJqJ6KeySU3KdxsjnEFfv4lZy3QcDGaNW1O7bcUg31tasyGJPTkKPNlfvuTodP
2ziyMszcaMGWc9ZBS80+/LX/iadVmA+e1x9P9qVmNC5pwsWPJ3D6FUF8TGCcXzAe
kdFn8Yu4J0b3IXXEMJdKagOGnxNv5FnhVYjSAeKb44cLY3XT/JUFFPaPObYthlR6
gqJdBuckDy4/4Bt/ugQfZpl/nT0F8uxCB25Uy9naYKbbUXKUaiTxk2aPhwgklCYN
QofccOE4oKFWDnINMOXF8QaCpoELvFPCqucCnlA7+Dz3GOKwR6EeQM04MTa3cSy8
oSRP6oGTupFgblzSJu1jaYetdp43BSn4bTN/5MTj6rnXCx/G+uiXWGM6hrHc7mRe
f2rlTIztZE3nPcwDk+9zTSEp9F0eKc6/w7ATYA4ucqEBaYgewHz1bAvek4Gp6My0
QElDuvklPCOXQXnwgqE6qSrQcYsksg==
=v8pH
-----END PGP SIGNATURE-----