A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:csirt@redsystem.io
Expires: 2029-12-31T23:00:00.000Z
Encryption: https://redsystem.io/csirt-gpg-key.txt
Acknowledgments: https://redsystem.io/hall-of-fame
Preferred-Languages: fr,en
Canonical: https://redsystem.io/.well-known/security.txt
Canonical: https://redsystem.io/security.txt
Policy: https://redsystem.io/security-policy
Hiring: https://start.redsystem.io/jobs
Hiring: https://www.linkedin.com/company/redsystem
-----BEGIN PGP SIGNATURE-----

iQJHBAEBCgAxFiEErdlPYbWzLI3Z1EXdaZrTFRzorJEFAmUOhcoTHGNzaXJ0QHJl
ZHN5c3RlbS5pbwAKCRBpmtMVHOiskbGtD/9AWY2jLgzMR1vEpLYdyFGoU2wgv+yC
Yd2XpEKpDM7msbI+0wFI7gIQs5t8QuAPmyXuwPLK53G6d+/eRNMUTqbtrxuSgOm3
DKtiZPw/7RixjzE+tyHZSLOii22W1FyyoqNoISZob8uKustD7x6+pUf/Ya5p+Fg6
NIkP7cFUE8caT+nd9gLSzzuenhMGhF8g2ivIBYjuYqiRFfmLZ+wnMOBChjmBjyPL
g2qvfVxCV1ZeuR1CLETPU8WxRauATr4eYDz9U2jYVwHLIGuWRf473iay433wSWAR
C3EtLR03XJrVbECbZcqkBZDKOBpI5/W5W72cH+sm+coqP5W1dsgQfovP+yGxQLs8
au4kkI/4055jk08aW4unefD0Wo6ZrS3F0XouyfBykDU9e7JPUkS+anJ1CaLPhhjj
UljeS+vsoyDpxomhy1yORJyhm5vyL0TcrRRw06u2/K5m/9rroRUpSPGhZh0QBa9X
A0hwUMchYyAH5osuV/eSyr5B8UXoDobxV35tIStjZbPQe7fXGJShDyG45fKDZvte
+tgGfHHXIPGgKFeTKBKtxYegM6Q2JqDkcJszdAvkzRIjvFID/BnoxvPjvF7hziUR
pxy+cwRbBaFPxKd++7qsjBLpyZAjLe99AVUqMM2sEP9JqbFNMbjK2cNvMIDBlznu
4AUq+ZorAlcKCw==
=IpNB
-----END PGP SIGNATURE-----