A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

# Canonical URL
Canonical: https://dewijksestichting.nl/.well-known/security.txt

# Our security address
Contact: mailto:support@your-webhost.nl

# Our security policy
Policy: https://www.your-webhost.nl/beveiligingslek-melden.html

# These are the languages we speak
Preferred-Languages: en,nl

# Our OpenPGP key
Encryption: https://dewijksestichting.nl/stxt-encryption.txt

# You shouldn't trust this file, once it has expired (like bad milk)
Expires: 2026-06-09T03:38:06Z

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJoRlceAAoJEK+cbOexOUnYFSkIAISDwYMskuSJrAeX9Tlx42zo
rmZS9YuooeYWuO54kAQA4B7EqDNmwoUGLFcEMmZaH6UgQyKdeCeNmOejSGCMuFZd
XRa7YymGhY9Z2dJ0KecyXlC8bSH961pfu3wyNTieTmx0CCIgp86H7TtQ2/q8pUAO
YaItZYCl3dcU213KdqLWZIcncVaNSgwyn1BGtuK3iVGNcJisT2nsJi9Zk5UwqXBy
8i08OLvBTTJQhy3ng1aPnTC1iRi3t7YmNMK8JT1AVWU1o9TcZEhm8QDJ5RCmgWwn
g9fjYn3yv5VgiqzSzzZuE1TNN1CAsofkZjsi77HKSSfknejmQW8lLJXvMEis1O0=
=mD4R
-----END PGP SIGNATURE-----