A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# DDFR RFC 9116 security.txt
Contact: mailto:info@ddfr.nl
Contact: tel:+31588458000
Contact: https://portal.smartlockr.eu/uploadportal/7ldc4e#5aaac9d6b7d64525cfac9cd92a6e7a1e

Expires: 2026-01-24T09:00:00.000Z

# We can offer you a response in the following languages:
Preferred-Languages: en,nl

Canonical: https://web11.ddfr.nl/.well-known/security.txt
Canonical: https://www.web11.ddfr.nl/.well-known/security.txt

Encryption: https://web11.ddfr.nl/pgp.asc

# If you would like to report a security issue please first read our responsible disclosure policy:
Policy: https://www.ddfr.nl/reporting-a-security-breach
Policy: https://www.ddfr.nl/beveiligingslek-melden

# If you think you'd like to join our team, please visit our job vacancy page:
Hiring: https://www.ddfr.nl/vacatures/