A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

#
# Stichting Koraal
# Koraal.nl RFC 9116 security.txt
#

Canonical: https://koraal.nl/.well-known/security.txt
Canonical: https://www.koraal.nl/.well-known/security.txt

# Please always try to contact us through following e-mail address for security related issues for Stichting Koraal
Contact: mailto:securityofficer@koraal.nl

# OpenPGP key Koraal Security Officer
Encryption: https://koraal.nl/.well-known/pgp-publickey.txt

# We can offer a proper response in the following languages:
Preferred-Languages: nl, en

# If you think you'd like to join our team, please visit our job vacancy page:
Hiring: https://www.werkenbijkoraal.nl/

Expires: 2025-12-31T22:59:00z
#
# Thank you!
#
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEhSPSLmAjTTfS9CmprN7wNtJJ74UFAmdYD2IACgkQrN7wNtJJ
74W9YQ/8Cuz6Rvx8klyIlQy2F/MzF/ayNTu6gYGxMtEo8+lEQvQWYNG+Ee7+fYk6
dqFcn7B7SbHKDphob4iiaI5zY5+T13c1d9rVByP9kmJzl58bEbPC0j+lwlmuwNDa
cHKXR1j+H32w0AotaKNPQ5ee4b/b0CefucMg8T5NgTNUU3I8dLK26Ao6gGkW4Wj6
dh5gPucW4BeWNNGuMKmXVlYqD5rOZE7J0SSsVbQKHHxYKEKlIOiI3PI/dyLVUrzO
GK+baKn8ImGIHU7mjm0THIfGj57xSjMbaKkRmnhV3RqSY9wDD1R89ogoacOAfdsM
mN8OPzDjQuc83xLwIDX4UJPEYy3mUZRqy8COyRzLjphiLVesjL7UBvjAcP1gQLGs
xJ56KWDuAd597LFBr31TKeFqBrFrbRhgno8PX639iO7Kz8sJwH0aXJL6Vh38A9WX
5DYzeD+t6wOWLGDcdelgunFVoMP1tktfoAfei/+lOoyGTPggZhoiX6opLRwSJRR7
rDhib2ea6c2q2DvCd7+2BWLId0YyAoe7aKVo8/qmao1YhqwnNIB2KHBiPRqPqtef
R/IOA0bFiKnFofIYI/CXoElzeweh46T8vDyCo/Hrqb9puwV3rOSZwBDOsYu45NI6
+6d3qDZinTHsr00Ppum25AXIDuRz1HpRw/1DdA41m+sWCZ3N4Vo=
=I7rZ
-----END PGP SIGNATURE-----