A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

#
# Eneco RFC 9116 security.txt
#

Canonical: https://eneco.nl/.well-known/security.txt
Canonical: https://www.eneco.nl/.well-known/security.txt

# If you would like to report a security issue please first read our responsible disclosure policy:
Policy: https://www.eneco.com/responsible-disclosure/
Policy: https://www.eneco.nl/responsible-disclosure/

# The preferred ways to contact us are described in our responsible disclosure policy:
Contact: https://www.eneco.com/responsible-disclosure/
Contact: https://www.eneco.nl/responsible-disclosure/
Contact: mailto:responsibledisclosure@eneco.com

# We can offer you a proper response in the following languages:
Preferred-Languages: en, nl

# If you think you'd like to join our team, please visit our job vacancy pages:
Hiring: https://www.jobsateneco.com/
Hiring: https://www.werkenbijeneco.nl/
Hiring: https://www.werkenbijeneco.be/
Hiring: https://www.travaillerchezeneco.be/ 

# Our security.txt file will be annually updated.
Expires: 2025-12-31T00:00:00.000Z