A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Please validate that you have the right security.txt file before using any mentioned information below.
# Our servers all have the same file locally on the webserver.
# All files should be identical.
Canonical: https://www.thorax.nl/.well-known/security.txt
Canonical: https://aorta.thorax.nl/.well-known/security.txt
Canonical: https://aorta-testing.thorax.nl/.well-known/security.txt
Canonical: https://aorta-testing2.thorax.nl/.well-known/security.txt
Canonical: https://haarlemmermeer.thorax.nl/.well-known/security.txt
Canonical: https://haarlemmermeer-acc.thorax.nl/.well-known/security.txt

# If this file is past the expiry date below the information is no longer valid.
# We annualy refresh this file to keep it up-to-date.
Expires: 2026-03-01T00:00:00.000Z

# If you would like to report a security issue please use one of the following contact methods:
Contact: mailto:security@thorax.nl
Contact: https://www.thorax.nl/contact/
Contact: tel:+31334659115

# You can find a link to our most recent secure PGP key in our DNS zone.
# Command: dig +short security._pka.thorax.nl. TXT
# Download the public key from the link
# Alternatively you can auto locate the key from https://keys.openpgp.org
# Command: gpg --auto-key-locate keyserver --locate-keys security@thorax.nl
Encryption: openpgp4fpr:E4782CE105F8C05DBA17546B56EC21AAC573C793

# Our response to any of your request can be in following languages:
Preferred-Languages: en, nl
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE5Hgs4QX4wF26F1RrVuwhqsVzx5MFAmekt8MACgkQVuwhqsVz
x5N58Q/8DybrQv1rkRQpk6YU2p2/MhXAUe+lmMcwSMRd/OGKhPAJQOmxcU1RGbLo
pMY8OTtDyrAxaTEje99VgDQK8b96jSeZy1L4WvFIfw+RP/S2EmcGhSIWYmX4B1oC
mhkARRFe/2wi/lXFbXtatDfP5tUiEYlQO+B1Y2i9JyWPTb6sKUTKM94iqig/dnXZ
IuhonswA+2cyMGePCFqoGuo6+nZGRrghB7/z8Cp65p5nE017skdJkGYXpKzwIDVb
9nGqfMC0FLcn+11LjLbvyS+NtUey1efMXSleGHFMNpBHmeJdDGg7d1rc1GQQBFpo
UgYSMnsbSVn77woQ2ak4+xwtBiJ66SidYt/fsUJmrzGZ6RJz4SNSE2jD9IKDEOAz
4w0z8FosJfa8VfDTxNu+dGqzfH2qI7exB+qCXyTFupdUGh95ArsXFJTCvM4QUMqQ
2QjfPWCmNPWiNd9hTJU9KTzh/EWvG3+7fzOkrbuX0jvKdRQVRpwhzHiPjBXaoCYe
cEv1kn8Fq61QXSJfBof1jR3xks8507dtVCGx8PjEEUzeCuQHU2BBLaywhpcvGmaV
8lfi0jZcaLqoQ9AcqPa3DxrX1ldq2uOo6bb5R4iGM078JYDRu9vY+vEcNdXMlHWJ
4zEm7djns9hk2eSZ8T+bYHSyVY953FAkr1Whk+gpuybtJP3FN90=
=J5mO
-----END PGP SIGNATURE-----