A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Canonical: https://rothermo.com/.well-known/security.txt
Contact: mailto:security@isaeus.nl
Preferred-Languages: en,nl
Encryption: https://isaeus.nl/pgp-key.txt
Expires: 2026-05-04T04:07:20Z

-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEJKZYhMDk9HcLcYvO3hipuwbh0DEFAmgW5/kACgkQ3hipuwbh
0DFFvgv5ARC4UBEbT2abtS7feZPnZfh3GEo/XCGfcFm95oWYI4+tRMlBj95QwyMA
tr21wHTgZDM51+4HsJ42o6fhIiUct/0HBYFVMfNG/DEJN2RVdReGUmH2tMBK+St7
H0GnRqMjnvtrlSN2sqbtHpzyY4prZbje8pTPy/fbKGBqkHo7FSE14/EVgnhyPtRl
JRB5+Lsg4KjI+KY6NTVDBpLRhFmBU8NoxlGJqpZArNRpKVRGGZSXfT2faGBASgLl
hwrmDxi2gdyh+cgkO6LGIrtV548Hw+Bd/Y2uzhloUiBsXk5dWkBLj8DhR9QqDRpG
PY/di/b3yf4NAh+kCB3rr6v/BSH4vkrbGbctDYvDC9mT5TqgT1ig1kJ9IA0+fsCX
Btq3wBH36K3YPemD+tgZ0XjRdaPLZbIYE+j+aIhntqJFpzizaONVHYCDv2itM3Tk
oz3sL2SZ3nDYZpmSrnB58gGexzykrzIQkqr0QrVV85sDEXl6divxfyyXooAlfjvU
0XgIGoth
=nQsD
-----END PGP SIGNATURE-----