A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

# Security.txt voor i-s-e.nl
# Conform RFC 9116

Contact: mailto:info@i-s-e.nl
Expires: 2026-03-18T06:16:20Z
Canonical: https://i-s-e.nl/.well-known/security.txt
Canonical: https://www.i-s-e.nl/.well-known/security.txt
Policy: https://i-s-e.nl
Encryption: https://i-s-e.nl/.well-known/pgp-key.txt
Preferred-Languages: nl, en
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJoeea0AAoJEJl4eE2xp6vNHHUIAK36fs6mMhSS87+7Me8a0rT2
DVfNp1QOoZyzwBmmasHUlOGWY3SyvtHaLq1bsBVNs5s+wD6lk4/slJAYdeghOuRW
jm99AekkIbHsQIkg59Jp+lSeHEgT1eEmgJMGkBph6MbnwFNY2KZz7HiNMFLhmbEX
OUNdMb6zB4VOaBoGXpT8MbWbNUobpUxu4kt9VKdRqCpo8RKbD/TnhUZr9dK2w+1W
TD83WFrioj1E24wtistwAEDk6260BanUCikQmwIylPRRdDQcWBSVb7nAF+2tMOpG
m827fs1g9QDhGNyZLqAPkMwCrxQuVvqCuv8JBOG+VyAFpfKVCpbvQ37HUKadlzQ=
=oPsI
-----END PGP SIGNATURE-----