A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:cert@nipv.nl
Expires: 2025-11-30T23:00:00.000Z
Encryption: https://nipv.nl/CERT-public.pgp
Preferred-Languages: nl, en
Canonical: https://nipv.nl/.well-known/security.txt
Policy: https://nipv.nl/kwetsbaarheidmelden/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE+05GNYsqCtDtdURfTHaOPUXdISEFAmejT3QACgkQTHaOPUXd
ISGMhhAAqDyOibVp0vv1kzML/sNWVaHFSVjMxS38KAc/GjsdBtuHDB0Vy2/CmzQ6
5NZrSGTHuk7OVRvHOJaZJi3/A8woUEJc57XmGj6MHM3KAcKfJ6S3/65QpaDu64EN
91UqMtuFlyppJ2ORGu4npvMy8/rYy1WYOWOk8GJLO/e6hQgznohmAtYTAt/FnUmZ
IzSkt6rIF4a4JrOfmG3TkqtWjfKhFYZXoAURZ8dg3RRrJaCoWaTfw4Cnpm69UI1N
UpIy8yOkRV20U7XBv6SCuX7K8bG55Via6DxyKVX7VtIsazlaWJwMOHTgbxxQzrrF
EBPsYwp3+wjAYRqrUwzomIRtj+PCvKtuW1PRdOwO2v/mJI3QYBg1s7mpFCl3YoxF
xly6gqLFRVyI52hqziTr+J+efUalSehKqwC78XYJ/5IFSUw6ZYlD7qpB061EgHXp
3Bw9plTxKl35c0fkQmyZdC/tO5USlg81uC1MqSSlKQqgyINXgNEceM7/cu5hNrtq
nQorjFlcfB8fv/V9GI6TQrCztX+J62eTFziWR19J2R7EfYJ6eAQj3CrV8kYMHxCg
hGJQ3UxCSSBVrQK8rd3juJlxpT/Nw4FtTJ3/V3tjh3kF63zBPw04VnuKLZFYzcEh
rBecMpS2TGcg3BXjfQ8s17DpxZb9rXUIrciAuGDNz2kkuqFHSrE=
=JJxy
-----END PGP SIGNATURE-----