A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: security@odc-noord.nl 
Encryption: https://www.odc-noord.nl/.well-known/pgp-key.txt 
Preferred-Languages: en, nl 
Canonical: https://www.odc-noord.nl/.well-known/security.txt 
Policy: https://www.odc-noord.nl/meer-over-veiligheid/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJc5VTWAAoJEKMLGtvS9Hmmeh8P/jvvmth20PZ/JjY5PCeHkCql
t/Q1fkJlQMgIqbAcKHaP2/nOnhMLIEXgYnzq0d2nTIKIcKCA+08XtcrhnrhmDBBp
sOHFaFx0/3f+RK8O7KU4pbKuQknrSKkzGsbjEww4S2P7a7a+bdQtBMy/gnVi3q3b
5NRDgM+LUuIF9sf6igmzr3d6lPlFaF+chs3hohPjwKa5nUsMlc7KQF1sGQkdGGim
e8cKGDU3p2d5QIwy2vJZKJwwgH/wW6CExg53MfFMeOCkOqt9w62yfqvp7EQqu7RH
au6WFEBl52JZc80NczS6g5TqqnWHLklXxxjJve7dxSdM5q+GXpKCHT2ZW5UddNqp
YMeP3nTVoT0LFYY9b635DEaZTO5j5EFRgLvXRwfsFrYOdpxQLoWKCEjCoGGpMmm5
Z4uqQcAn9qEE4P9L1ru+AYK8wECJb9kmlmeh3Uo7z1/oLZZfhJalddNlnQAPG1NZ
a9zg9FMN2L9cQ3pYiu2G06JrIYR5JDMhGrci52/MYoNYRogvlz3L64fq1nPZ1NDF
80s+aipWy1uo8GhkKzhVpUW0pYXnKrsvtnYYKGWEzBdwlJKUoYamMCfr/0QXoCc5
nYb64oMnUNG+7uNXaLvdP2IXQQriNiziFHEKUg1OuMl1De60mJHHs4dCXraYOXBa
7r+4M/yn9YW61pJ6ixXH
=Ej2Q
-----END PGP SIGNATURE-----