A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.
# We value your findings ! # # Dear security researcher, if you are looking for this page is because you may # have found a security bug on our website. You have to know that our teams are # performing security tests on a regular basis on this website. However, we are # glad to count on the community to notify us in case a security issue findings # on our websites according to our Rules of Engagement. # # We do have a VDP program available to manage your report. Contact: https://vdp.loreal.com Contact: mailto:firstname.lastname@example.org Expires: 2023-12-31T23:59:00.000Z Preferred-Languages: en
This policy crawled by Onyphe on the 2022-12-20 is sorted as securitytxt.