A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Domeinen van HAN kunnen met een 302 redirect verwijzen naar het
# bestand op https://www.han.nl/.well-known/security.txt.
# Daarin staat het centrale meldpunt voor kwetsbaarheden en incidenten.
#
# HAN domains can use a 302 redirect to point to the
# file at https://www.han.nl/.well-known/security.txt.
# That contains the central reporting point for vulnerabilities and incidents.

Contact: mailto:cert@han.nl
Expires: 2026-02-10T23:00:00.000Z
Encryption: https://han.nl/.well-known/pgp-key.asc
Preferred-Languages: nl, en
Canonical: https://www.han.nl/.well-known/security.txt
Policy: https://www.han.nl/contact/responsible-disclosure/
Hiring: https://www.han.nl/over-de-han/werken-bij-de-han/
-----BEGIN PGP SIGNATURE-----

iGoEAREIACoWIQTgZBhPlD12wQH18XBeR3b7lKG2QwUCZ64CawwcY2VydEBoYW4u
bmwACgkQXkd2+5ShtkPvQwCfXE63RfEWbbxQZEn8Bz2BA6Pyn6UAnjDkS0XBwRQp
H7p/LATxl2nAcciy
=SxY2
-----END PGP SIGNATURE-----