A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

#  _     _    _ __  __  _____
# | |   | |  | |  \/  |/ ____|
# | |   | |  | | \  / | |
# | |   | |  | | |\/| | |
# | |___| |__| | |  | | |____
# |______\____/|_|__|_|\_____|
#  / ____|  ____|  __ \__   __|
# | |    | |__  | |__) | | |
# | |    |  __| |  _  /  | |
# | |____| |____| | \ \  | |
#  \_____|______|_|  \_\ |_|

# Please validate if you have the right security.txt file before using the information below.
# Most of our other websites will redirect to this central file, but some may have a similar file locally on the webserver.
# They should  all have the same content.
Canonical: https://www.lumc.nl/.well-known/security.txt

# You shouldn't trust this file, once it has expired.
# We are sometimes a bit forgetful, but we do have an annual re-occuring task to keep this file up-to-date.
Expires: 2025-05-31T21:59:00.000Z

# If you would like to report a security issue please first read our responsible disclosure policy:
Policy: https://www.lumc.nl/coordinated-vulnerability-disclosure-cvd/

# Please always try to contact us through e-mail.
Contact: mailto:cert@lumc.nl

# You can find the cert@lumc.nl PGP key on our website.
Encryption: https://www.lumc.nl/.well-known/pgp-public-key.txt

# We can offer you a proper response in the following languages:
Preferred-Languages: nl, en

# If you think you'd like to join our team, please visit our job vacancy page:
Hiring: https://www.lumc.nl/over-het-lumc/werken-bij/vacatures/
-----BEGIN PGP SIGNATURE-----

iHUEARMIAB0WIQQjbpRL8N1mqSEtY5i2VRm1BK92egUCZnV8aQAKCRC2VRm1BK92
elNXAQD80N4RGH5FybW+dB9STesSyg/4TnYlzPMBJ9n3tGYRWAD+I3tU3bFSHrOl
KG3ynFM795sRn4cpFwGZNCEMwrP2fnc=
=ZWWv
-----END PGP SIGNATURE-----