A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:abuse@assurance-maladie.fr
Encryption: https://raw.githubusercontent.com/AssuranceMaladieSec/abuse/master/abuse-gpg-public-key.txt
Policy: https://assurancemaladiesec.github.io/abuse/reporting/
Acknowledgments: https://assurancemaladiesec.github.io/abuse/thanks/
Preferred-Languages: fr,en
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEDSx9bqnSlmkiIRXbSDqGYCymPFIFAl4V9/cACgkQSDqGYCym
PFIB7Q/9EI7fNOfyoCqnEH4chiTIW8fx32ldnlaE6WTgdMeQJmkyJrhd2osPAV/j
A9BU+zrWLAwQe9/Dq/w9M6mzYI/SkJ/pC0umqBnRSJYyH8gkme2/jzwh1/8ulX8w
sSOyOW1IZyxTURJSVC+0ku3/02lCkgDmWDrdIN7cmC93E8eENcEsXWQMbkErKZi9
6p+SlwUGBCVU5MaU2jCxFUfnNJ0vN2SRmj31uMvgz7/iwWAtuvRobhJOc1h4hXuG
ZgLqZkCOkINYIXM7VX+JVvenXnrXZbXUtnjaOWlapUdCLJ5QVMesVMPKoXiCivhZ
CCEes7DQsfMQrtUdhASdO9sd5b+Zk48xEpOjQNgMcdca1eZ4m/+ODJavSX1K9g9B
MIggFo7ThASsjF1nrW+X1+XTyexCTdeKh/ISkgJaQ8/+qiuPFKBbY5/2cydxUU5j
e2fszmoF2J1DG/GdOoz5vv5+QwEk0Sz7wLFH+ZCdV6xUFc79ZB1NxrtKk8w3y31Y
nYtC9vd1qZ/vr9f1tK5Fd7ljYsD47Iej2VG+0f0cQ6vopJICxzeiHx3gJpCnfnYj
A3MeFSijloKgu0EFTp5ILF70EGSMIVlqdcIa5q+Man/kdwKS2LCKxqFpODwGT9VC
EL2168D3ADYykGphCEWh003tutI8VN/4mul9WYobQ0yueTJFlds=
=sogG
-----END PGP SIGNATURE-----