A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA512



#If you would like to report a security issue you may report it via e-mail or HackerOne.

#Please make sure to read our policy page before investigating a possible security issue.



#Policy in English

Policy: https://hackerone.com/devolksbank



#Policy in Dutch

Policy: https://www.devolksbank.nl/over-ons/kwetsbaarheden-melden

Policy: https://www.snsbank.nl/particulier/over-sns/veilig-bankieren/kwetsbaarheden-melden.html

Policy: https://www.asnbank.nl/online-en-mobiel-bankieren/veilig-bankieren/meld-kwetsbaarheden.html

Policy: https://www.blgwonen.nl/browsers-en-systemen.html

Policy: https://www.regiobank.nl/service/online-bankieren/veilig-bankieren/kwetsbaarheden-melden.html



#One security.txt for all brands of de Volksbank: SNS, ASN Bank, RegioBank and BLG Wonen

Canonical: https://www.devolksbank.nl/.well-known/security.txt



#Our security address (for reporting with possible bounty or with acknowledgement)

Contact: https://hackerone.com/devolksbank

Acknowledgments: https://hackerone.com/devolksbank



#Our security address (only for anonymous reporting)

Contact: mailto:responsible-disclosure@devolksbank.nl

Encryption: https://static.devolksbank.nl/files/PublicPGPKey.txt

Preferred-Languages: nl, en



#[Dutch] Wil je werken bij de Volksbank?

Hiring: https://werkenbij.devolksbank.nl/nl/nl/search-results?keywords=security



#We update this policy at least once per year

Expires: 2023-12-31T22:59:00.000Z

-----BEGIN PGP SIGNATURE-----



iHUEARYKAB0WIQRs5QGH35BVHyW9SuIxrzFAxl5pYAUCY9eimgAKCRAxrzFAxl5p

YEuZAQDFJGF5ga/bmjwaj0JXuLTWAgovsybsTPvhOT4B8uHy8QD+I7nqBIEzZSQc

ygWnPeXfrtAWuJtNy/WiL3rEI9b5cAY=

=HVN7

-----END PGP SIGNATURE-----