A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# Canonical URL
Canonical: https://hattink.com/.well-known/security.txt

# Our security address
Contact: mailto:hostmaster@wait4it.cyou

# These are the languages we speak
Preferred-Languages: nl,en

# Our OpenPGP key
Encryption: openpgp4fpr:407B6A3B9CBAC6FE156A0BE54BF247D24ECADAA7

# You shouldn't trust this file, once it has expired (like bad milk)
Expires: 2026-04-04T03:40:42Z

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEQHtqO5y6xv4VagvlS/JH0k7K2qcFAmfvVLoACgkQS/JH0k7K
2qf2/Q/9G9XWW0x3PtzfGE3FeEPN35Vb8zQskBINvWUZVJNiMl6vRNstJl8lNMUu
muxkKTn9NlKY9tiTVg9EK+aFy6D7sUiifPb9Ppiz+s7GaFgErfbcshFZpMsMV+cI
KCdpCJRN9AFVt20xLU/FSkghvMNO1ifKUvU7VB9A7BMiy0eQm/P2oKZ6isUX2HKi
Kn4MoXH+OvUCJyFAy+ayEBaJGPZmno6Ef2QvO96Ze/wkW8CIBx8bAGkBH7VN11JU
ARr+86vMv9VTcTWI6ruV5CwstGxcAqRizGC65NATnCZdu4rw4r2siIaG0xBl3P1K
JJaQGAvpTjXdWooi/bMxv62UuIOBf/HFosOZ7k2hiqPN0oOKUnqXb7gnoNipcPPv
OyaRx5bb0Le4AgGMjAbxAOuRdI8fZdgH1CyA+FHEWYwz82hX2yHz1rN7HWdUyuvF
P8haaOPO/gOdOj9i9LGZegUtXOBcDHNDAOcEioctttw+B0Xq4Kq5qTYdgy8YAssl
cW1NU5adajGV0rEsUr4lYIq/pr97mfRCyGs1ZjeCFhFbNi2qvJwqnj7DtqOak/A2
wiU4F8THv0k5iUDaiGgZEk1ArYeDf+9Af2rzWYjWZCwRo9ODsMzjfeObwPBnLhE+
R8STzsGJh6bjPUSrdcdQuw1pdNeOFP2+F3joLfuH8I4yG+p3xbg=
=Kexx
-----END PGP SIGNATURE-----