A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

# Security.txt voor webformality.nl
# Conform RFC 9116

Contact: mailto:info@webformality.nl
Expires: 2026-03-18T06:16:17Z
Canonical: https://webformality.nl/.well-known/security.txt
Canonical: https://www.webformality.nl/.well-known/security.txt
Policy: https://webformality.nl
Encryption: https://webformality.nl/.well-known/pgp-key.txt
Preferred-Languages: nl, en
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJoeeaxAAoJED3jtth/1QPALqAH/1dmHriHPk9JwAY51J6N2J82
MpKRg4y7CVlWYFsEqDb4nYJ4CZqVUfruDWd43aqzHL/BJvYF2mlUcGa4QYufg4hO
qBbKPaFnJGwHUT1bVjRLqoDNTLSr3MZ0oTBIiITeGDK+VRYwpOCBMRwbiZp39+JZ
PH1UMPOTgPnK4OYRQBdOoJvIMobHGQ7Dnl6OIKoX7O7iEWUsSOIhBcqmtfoff1To
8m78n9S5puEbnuXI/EZQdhUJZ583tHEUEZB3QJQBZlT+9YAHzhn2royjLCAUSEuk
BmUphO9xR5z6wG/IB1E/IRLUmGC/Pwv35RRqZ8mPeu9PQI2ujXMoOzoBZNZYnCQ=
=YS3q
-----END PGP SIGNATURE-----