A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:matthieu.corageoud%2Bsecurity@gmail.com
Expires: 2030-01-01T00:00:00.000Z
Encryption: https://www.matco.name/files/matco.asc
Preferred-Languages: fr,en
Canonical: https://www.matco.name/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEz6LBnBj7QKwgLunuydMVdP80zPsFAmKXiFUACgkQydMVdP80
zPttvg//UYf9i7d6dy0b5bE0q0XeNPHNOAmdLk72LmzdsdEgtBqzFNINk+fgbwWh
xmivPv7j9/iwdbZNhS/26HoFhch2ymdYpKFf90ThHZ+r3mT0XLoaWFlXjx3YY+65
YVDeoz6UiTA0OYe5+WQw/vVhjqeGsf7c7WohQUp1cQHt1lhVXz9kjB10lWvMHLYn
00xxBK43Ddr9OOLz6fXf4hO8/LGa9nryoqgNwnlBJA2IwVv3FfTcBmVv/LjloJcl
DoNUo0aTA1sshHjHvgQvWEYmbmTH88p7Nl6u/e6ffEcd+ZccODy2Q1l7ATfsCfkQ
eHxrXRgo1t2vZaoRqkT0m4IK8DYRgptVk7ehFoOjcZxGB70rv1Jr3FczEIDfmFP8
SVtaVMHLVtLOCPitnsPFBDVkBH6Rmp76amYP1Ak7aAv1CTC6X0jFqqAdo4cxdS6z
kwi4dGETkDsBs1RvGR5uWMEJYnw0WXHCIhkc1Vi2JK76sC+AlVdvCh6+J/qxb5T+
FdQ31lJ9qNSEgEZC+52NARIdhxcI6bE78U2XCDrNicfDP99Gg0AiXTOk4lLVsZ5S
pVWHrG2hqsqFamgZh5ak9DraspnMKlnMss8x9crq894c80yULCZnU55njR1NEx7k
aqFctRbntKDo0TCvK9xz3spBDukUJOZfaPvRWOJd57GYSC1lbEw=
=Hxcv
-----END PGP SIGNATURE-----