A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# Domeinen van MBO Utrecht kunnen met een 302 redirect verwijzen naar het
# bestand op https://mboutrecht.nl/.well-known/security.txt.
# Daarin staat het centrale meldpunt voor kwetsbaarheden en incidenten.
#
# MBO Utrecht domains can use a 302 redirect to point to the 
# file at https://mboutrecht.nl/.well-known/security.txt.
# That contains the central reporting point for vulnerabilities and incidents.

Policy: https://mboutrecht.nl/responsible-disclosure

Contact: mailto:security@mboutrecht.nl
Contact: https://mboutrecht.nl/responsible-disclosure

Encryption: https://keys.openpgp.org/search?q=security@mboutrecht.nl

Canonical: https://mboutrecht.nl/.well-known/security.txt

Preferred-Languages: nl, en

Acknowledgments: https://mboutrecht.nl/responsible-disclosure#hall-of-fame

Expires: 2026-07-31T22:59:00.000Z
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQTmpgXoSyMWXSOChiE5Mgeh93/b8QUCaF1U9gAKCRA5Mgeh93/b
8eYlAP0WyqN/vdXuEqM3fgzaf7bpRuwwatmQvB0KhWJeHpP2lwD/YuHeR0z80Tig
zoXVwmDsj6Kj+Fnc4hlE1oZUY0JpAgQ=
=wub/
-----END PGP SIGNATURE-----