A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# In the event that you have discovered a technical vulnerability in an IT system of the University of Applied Sciences and Arts Western Switzerland of Fribourg,
# We encourage you to report this to the IT Department using the following contact details.
# We forward your request to the appropriate unit.

Contact: mailto:cybersec-incident@hefr.ch 
Expires: 2026-09-16T07:11:48Z
Preferred-Languages: en, de, fr
Encryption: https://heia-fr.ch/.well-known/key.asc.txt
Canonical: https://heia-fr.ch/.well-known/security.txt
Policy: https://go.hefr.ch/sinfofr/security-report-scopes-and-rules
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQR4vR4kFH7TKX22SjyDMv5Q12zPnQUCaZdJ2QAKCRCDMv5Q12zP
nX19AQDwMu1JnNSzir2a7ZmLtcHlG/RJIqHP9jQVB39b+gZQEAD/SJZ0Lzu2emIn
vN5EOpwu816NoZeVXr/by6IqXKDfKAw=
=poOg
-----END PGP SIGNATURE-----