A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# CERN Computer Security Team
Contact: https://security.web.cern.ch/home/en/csirt.shtml
Encryption: https://security.web.cern.ch/home/CERN-CERT_public_key.txt
Preferred-Languages: en, fr
Policy: https://security.web.cern.ch/home/en/cvd.shtml
Policy: https://security.web.cern.ch/services/en/code_of_ethics.shtml
Acknowledgments: https://security.web.cern.ch/home/en/kudos.shtml
Hiring: https://careers.cern

Canonical: https://cern.ch/.well-known/security.txt
Canonical: https://home.cern/.well-known/security.txt
Canonical: https://home.cern/sites/home.web.cern.ch/files/security.txt
Canonical: https://home.web.cern.ch/.well-known/security.txt
Expires: 2027-02-04T00:00:00.000Z

# Please see https://securitytxt.org/ for details of the specification of this file.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEW2fq/8vTzwh9jTPJjrFnEO409XgFAmmDQDMACgkQjrFnEO40
9XiRhw//SBhrlHa8UebII5xk4h8NweWF1gtw6A/HZlJ0Kiwelo3Fu+qeyN0SR5et
+lP7Xn7ronAjV1RQOCWxDMiZQmgqFS+vJE83VIgONiELcQtLMXIk0IoQVb/zPS3m
p2tTf8EpKiNW4yqOFRdYHqvkvz/+eZCXjqVXaYKDMELKmR7es2+gHwFNs0luS9bV
ynKNoJRpg4UszQnTbChOOjBsC+6LK2WsGbc1OdCwWg+iVLzVwQktLZAK3YWKHP6v
9709QvYOErxppl5I29S78nA9xxSDn99ALDsS24EN7kDwWRZXQiajKjsNgTMI7PQ2
yrLv5O/QvJF4lYIMAok1hW+XA5seiVCxMOcZKt9DvRb0hdg68yWkQpH695K1q4Hg
RBF44tYrJtx5RQDDnvQGJlWcsEoqiWR8STU3i5XmHdgQL/rbpeIafTY7MISq4k4B
WPpbC7HIyzRGw6m5fQdVuOo2nAxCgA+idoflq7V5bFR8HWGCrP40y02PkqxAWezQ
jCh9TvybJcvtu6OgDq8BpQvAETgQbeCTn++PJpcupQvYmJKqq/7k/eu14KRrb4Dc
RyoETqzqmVWJCx0YL2mhfVsXyWY/1Tjq56a3sz1+HLzfVLAGnDh5EWRTEGkHuRGo
9TJlH39Y6OYGdNg0eSfbpODhpSD1B9ryJ3QGVFNwi+4NbbPa5nQ=
=JP5G
-----END PGP SIGNATURE-----