A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

#Please make sure to read our policy page before investigating a possible security issue.

#Our security address
Contact: https://www.cbr.nl/nl/over-het-cbr/over/responsible-disclosure.htm

#Our security.txt
Canonical: https://www.cbr.nl/.well-known/security.txt

#Our OpenPGP key
Encryption: https://www.cbr.nl/.well-known/PublicPGPKey.txt

#Our security policy
Policy: https://www.cbr.nl/nl/over-het-cbr/over/responsible-disclosure.htm

Expires: 2025-06-01T12:00:00.000Z

#[Dutch] Wil je werken bij CBR?
Hiring: https://werkenbijcbr.nl/
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJoEyowAAoJEEJ8JdBGW+XfQ/kP/0fKKRZUIaUJpLeuCMgE7F+l
hKlSYEL0BYoaMBZZYHi8OjcmrkF1TlScDGeDZjyBKnIA64UtMK68G5d7m52rJw/F
+Xdb6j5FwXUl5IMLceU0DLNwPhrby+5fJgKhMdBxRH/zsIi4OET7Qqb2qpD/yr4j
klbaGYOcDCgTeYXyOa/2DHTkydrww431VpcofCVvJuwZDaqM2+ww8ypCPYWN1rFe
5Iwf7x4V8zQoBxmJbk2doW1iIt0sOc1nf8aiuhLg1WOLHChmX5bIh1nPG9tv0EP+
ydgRsjG2dnnVN7/tHihJ1+czm8e/+NrbRg5xs8pb1ymncA9ZXsyFJ07Eji5Hnckj
y7OGgUOAXVzJqkV6MgydmaRJVYF0zpOLvcf1/ZeaJoBZCOpNdkMy/18r2SHSSL/0
9sFUsfR8z4kEF24r0qrQlCXnTXDghU639ERFEUKxGZmplS9E3Ox0klSZJZp3rrrI
OSv+SFmdJ9EEE2xRRw0zxKfdDXxzqWo71okWMoBkn8mdKHpXVGEQsRoAeNwP5Yjq
Gr6rlVhkpwIy7UoEho04WZgHuzuOVz5EWDE5yssiXgeqntWgqnBs2xtV6kXh4dz9
KKhLsT2lIzh/88G70JYN/mmcFMJHyWUW0WdRNyyglHBiLa1eBn/bM2MvxO8d/h3v
RitKB3zimRtGg2vT/Mxh
=7iV3
-----END PGP SIGNATURE-----