A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

#Please make sure to read our policy page before investigating a possible security issue.

#Our security address
Contact: https://www.cbr.nl/nl/over-het-cbr/over/responsible-disclosure.htm

#Our security.txt
Canonical: https://www.cbr.nl/.well-known/security.txt

#Our OpenPGP key
Encryption: https://www.cbr.nl/.well-known/PublicPGPKey.txt

#Our security policy
Policy: https://www.cbr.nl/nl/over-het-cbr/over/responsible-disclosure.htm

Expires: 2026-02-01T12:00:00.000Z

#[Dutch] Wil je werken bij CBR?
Hiring: https://werkenbijcbr.nl/
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJpVinKAAoJEEZ4tjDedcw/AocQAJyhW47zf086mq4qKaX+hWEe
oRUD5zsP2teqAY1InQ+sGOz3iEAwbzKJPkjJ0iOCobB/neg3yN/evt56gYVHxPK3
cwYbgXZRfziB1zzPeTBUDwF5N5hUbB2LvlX6FkVA/GWboDXhfTqWRx4Z6yU/WePy
dxZBl3T6VyRm2iHFtsNLWsV70cu+XGK9t0c8AaP59AjldlcaHUqhPiNQxO2bOht4
kUW3OdK2Hy/eJyIkVriz9hg11FXby2o3rQzl8vH/AYwt10VW2Iorpcn+T1HORf4i
xx15sxdNPnZKowLevUvT+6P7SWWsVz4y3agEvxWz+sgQ24KQ/B6NwQJJVpqyrBGd
2hrGAdH1zM53vDhHnhkn66JaQutJtBcORNjBbRSsaoWeoCAt9lkllz3KJn9Zu9oG
qfUXbjVzVuXHl11wjvAY5w2MwpCBCoAfwHituTEV+RrdexTsaxKmrtJHhCW/8iiS
QkYlQWEqr2z8Cb4oh6uC8/f1xIytgv9gEEGeZAgvPK9caRve+T9OKuMOnbaA3cX3
2dIxZuLbjYCzpov2doJG/zgBWOyXU68lFxyQLmzt3bO1giDD7ko1tyDNf1JJj2Ce
NxWkuwU3MedXAoXLTRYqiw7G3T68Kw5v3kDS5qfm7is/beBKKxYZw0unxUubcPth
T5r0kkHysr1Yj1I9TOvP
=4j6P
-----END PGP SIGNATURE-----