A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Groupcard domains can redirect to the central file located
# at https://www.groupcard.nl/.well-known/security.txt
# because Groupcard-NL is the central point of contact for vulnerabilities and
# incidents for Groupcard.

# Our security.txt file will be annually updated.
Expires: 2025-12-31T00:00:00.000Z

Canonical: https://www.groupcard.nl/.well-known/security.txt

# If you would like to report a security issue please first read our Coordinated Vulnerability Disclosure (CVD) policy:
Policy: https://www.groupcard.nl/cvd

Contact: mailto:security@groupcard.nl

# PGP public key to verify the sinature of security.txt
Encryption: https://groupcard.nl/pgp-key.txt

# We can offer you a proper response in the following languages:
Preferred-Languages: nl, en
-----BEGIN PGP SIGNATURE-----

iQGzBAEBCAAdFiEETW5SIrNZYbbE/SR+ALHQ1nzy4YcFAmfYQzAACgkQALHQ1nzy
4Ye26gwAoi1g6YqQgLScADwOmBHykmlgSyJkoBYcyY2ZBImwVJZ+g1uZYbDAOln9
qkHc6J8KRYpITUDr+dadkapDR3Qmj08Oke9tzv5Ip9PVe3O9RQr/VNdFt6InFBQG
1L/ZudAVRtcC/hs/sAg4U2buZ7KQyh3YiShuCZI889Yqbl/rrKlIYX3HKWDsF6tk
Mn/4DMkP6HE9u5aXBdXznttOW1e7vYaJC4BiYOgkzLRzM40Kf8WV0QDzvnvja44p
PGTIeNv5qCtfDt+NmuoUrex1L9nwniNdfyMutao1m5eP7nFT1L7/LPgdze3L5zzs
bBguaie1RPuAsMK34vvXne1Tc0MJWVw/etSo8qk3O1VzNSJvIDoGfIwINFqXCzuF
W4EDW6QWJjPg9eTewIF9f9RmLtiOGOMWQaXKUSb5ZmLPvMnBx1SliPpAfI7xmE4i
9q4QLCI0BqeISAftJn8tdZjBhG8669QbLwj5r7f3fuc6l80OF1t2dzbxjfGxEtOg
SJBN3xC/
=LfA8
-----END PGP SIGNATURE-----