A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: https://www.mourik.com/contact/
Expires: 2026-01-01T11:00:00.000Z
Encryption: https://www.mourik.com/.well-known/reponsible-pub.asc
Preferred-Languages: en,nl
Canonical: https://www.mourik.com/.well-known/security.txt
Canonical: https://www.mourik.be/.well-known/security.txt
Canonical: https://www.mourik.nl/.well-known/security.txt
Hiring: https://www.mourik.com/careers/

# todo
# Policy: https://www.mourik.com/responsible-disclosure

# standards
# https://datatracker.ietf.org/doc/html/draft-foudil-securitytxt-12#section-3.3
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwPXk+rhlKpFFX+3+7b8US0t/1l4FAmdJg1kACgkQ7b8US0t/
1l617Q/9FsZ762hPZm6hEgXlz+rgy8wAtwdbyH1b3+FhBk5en7oFkN4hnZJEZPeY
XFhaKuJQCugPVZMS20Frq5fcc9hnHgULPHX73aNC83LYcgBgAy4thILzT+F5+V/Z
P18FYU6SUrySKdXyvQTCnZSp9qEEeSooMGp3Nl+AxIsfc/IqmUQHHJJDpwiLyaYA
H9AhlmRCM4XrNaFgVLXZvraql2tj9quCAHm4jqbei+eEyH13mwKqfQHKawNFHsLG
57E37zQB4VXnQneIa7V543wfREIyzrpxwaE5uuvCTDFUAhWrt86gmzJiLWwXgM1A
jdtNmd431bOm6hJgFnilxqSMxirrr6bOWZJyJn5+8Xn5g92wTX19u+hk+hphmuRq
cAXIDYzMIph0dNYxdcZcdDSMb5uQDsgUzUzR+woce0fMfBxEtMgsgM2m5aZ2EmDv
D/CKPXe4NdIAY9/IDEaQckL6xPoJIsKSlGKa/afUGly+T49MNl7kEUiTCxPU4d4e
HvZxJ/HrgqTU6sFm5f0y7QuIBSNSD3DpQ4MmlvLRZYWeCWGPC/6lOUXttATBgiQL
DFOz3tLIeyscpcTU2dPbRYAGzhRO4sI6n/oe5ToL7uPSxuBcp04Wteh98x2WOgiR
Sh1W3dNa1U30XW8RmqyPHlMF9VJpHaRL5oktG3oipomS/ag6XT8=
=fiek
-----END PGP SIGNATURE-----