A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# The London Metal Exchange (LME) - reporting security vulnerabilities to the LME

# Please report security vulnerabilities to us via the contact method below, after reading our Security Disclosure Policy
# Please ensure to use our PGP key below for any submissions including sensitive information
Contact: mailto:security@lme.com

# LME Disclosure Policy. Please read our policy before submitting reports:
Policy: https://www.lme.com/security-disclosure-policy

# Our OpenPGP Key
-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEZe7hexYJKwYBBAHaRw8BAQdANMGHFgAdsT8snJEO0Jkz3KzxOhE1lI7SS56Y
if4mfCu0HURpc2Nsb3N1cmUgPFNlY3VyaXR5QGxtZS5jb20+iJkEExYKAEEWIQTb
ftrO5903oneCHhd5FMVaTn7cgAUCZe7hewIbAwUJBaOrRQULCQgHAgIiAgYVCgkI
CwIEFgIDAQIeBwIXgAAKCRB5FMVaTn7cgEdPAP9Y02ko0ga2DRF2V2p1mKNR7NQA
Yp+9iDkiowfEosB2YQEAlsQeDvtcME2iUAsTTpkZNwgKn2hKpgYCDyGuWRTeyAi4
OARl7uF7EgorBgEEAZdVAQUBAQdAhFTccI7K/h914pp0ITWjgmqHobRydrpNM2GE
SPyogz8DAQgHiH4EGBYKACYWIQTbftrO5903oneCHhd5FMVaTn7cgAUCZe7hewIb
DAUJBaOrRQAKCRB5FMVaTn7cgAfnAP9rBVOLQCRgIGNMTiBxLsB1teh4d3agtaAP
hZpKkMisPwEAuB//i5gqQnz1JR26t43DAm8wn2LNTBvP+TbJQzePpgI=
=2j2g
-----END PGP PUBLIC KEY BLOCK-----

Expires: 2026-01-30T12:00:00.000Z