A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# DDFR RFC 9116 security.txt
Contact: mailto:info@ddfr.nl
Contact: tel:+31588458000
Contact: https://portal.smartlockr.eu/uploadportal/7ldc4e#5aaac9d6b7d64525cfac9cd92a6e7a1e

Expires: 2026-01-24T09:00:00.000Z

# We can offer you a response in the following languages:
Preferred-Languages: en,nl

Canonical: https://ddfr.nl/.well-known/security.txt
Canonical: https://www.ddfr.nl/.well-known/security.txt

Encryption: https://ddfr.nl/pgp.asc

# If you would like to report a security issue please first read our responsible disclosure policy:
Policy: https://www.ddfr.nl/reporting-a-security-breach
Policy: https://www.ddfr.nl/beveiligingslek-melden

# If you think you'd like to join our team, please visit our job vacancy page:
Hiring: https://www.ddfr.nl/vacatures/
-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEE2tT/V+42p7yS83C72757r97aMscFAmeTU7UACgkQ2757r97a
Msd9cQv8CatkXd0/93EQDzlCqWB/cGncxjKS6EBqBHuHpnApNNvQB/2KUu3lZjD5
lQsWgcTZf1sPKgUl7L/nlXVVpzpz/g+nxIe/yRR3OVuqOXWx6Xa9/nx3HFYTDfwq
URkIhRL4ULE1iz5MiDFWg0s9JWfnmZ1DMNa7xyqiwiUfrgH0U7vyrfVk6V600IBU
s+QXhYibBswqCfRxjXngzXM/6gvzyZFKa1Cx48b5dZwGQaeTlsHLNkhhXd+Kv8aX
/8WW0fNr5JV8uwF6sBKYmFtmVW5X98qcnnnxoy4T7uDmJiZqIYw0vPVrIwzRlErJ
iBZcnUwjFCVNacv359ZhvWLwScqz7q5G4Pwypc+qZd5I8Oa6BSfc9EtSR0WjV1Mm
vCNffsteQM8e/h81D7U7zk7RYAtWqRFwj0zPKzWzXpfwkXrrLQW4BsEV7CvvuCyD
FhjlWFKf58k24LAYTBMxFTwDmVJyeSdTkydnhcoOzzh44dqi0Di2Rdy8muTqM1fW
XasCNyG0
=Dd11
-----END PGP SIGNATURE-----