A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# How to report security vulnerabilities to VRT (Vlaamse Radio- en Televisieomroeporganisatie)

# Report security vulnerabilities to this address. Please read our responsible disclosure policy
# before researching and before reporting any security vulnerability.
Contact: mailto:infosec@vrt.be

# Please encrypt your message if it contains sensitive information
Encryption: https://www.vrt.be/.well-known/infosec_at_vrt.be_pgp_pubkey.txt

# Disclosure policy. Please read before researching and/or submitting.
Policy: https://www.vrt.be/en/responsible-disclosure-policy-english-version/

# We recognize security researchers for their reports. With their permission, they will be listed
# on this page.
Acknowledgements: https://www.vrt.be/nl/info/responsible-disclosure-policy/responsible-disclosure-hall-of-fame/

# See https://securitytxt.org/ for the specification of the security.txt file format.