A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# This is a security.txt file following https://securitytxt.org/
# If you discover any weaknesses or vulnerabilities on this website, 
# please report this via our Policy URL (see below) 
# to the National Cyber Security Centre (NCSC)
# A report like this is called a Coordinated Vulnerability Disclosure (CVD).
# We will discuss the issue with the NCSC and resolve it as soon as possible.
# We thank you in advance for helping us making our product better and more secure!
Contact: mailto:cert@ncsc.nl
Preferred-Languages: nl, en
Policy: https://english.ncsc.nl/contact/reporting-a-vulnerability-cvd
Policy: https://www.ncsc.nl/contact/kwetsbaarheid-melden
Expires: 2022-09-01T00:00:00.000Z