A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Amsterdam UMC security contact information
Contact: https://www.amsterdamumc.org/en/responsible-disclosure.htm
Policy: https://www.amsterdamumc.org/en/responsible-disclosure.htm
Preferred-Languages: nl,en
Expires: 2026-02-01T23:59:59z
# You can find the PGP signing key from rd-cert@amsterdamumc.nl on our public web server.
Encryption: https://www.amsterdamumc.nl/.well-known/pgp-key.txt

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEVzEwXx/fVnGC7zWoe9yjzXxUU7kFAmhuemIACgkQe9yjzXxU
U7kSuw/8CrdB8xZQ3p5+U/qXXZPxMVZIOSBpPjZG4m3OYQXMeflwNPhc3D3/Ia7K
2RTxWt0cEAuzkOjY2nU8gB+SJ9BkzrjiiRH7rywSlDGbxx5NZsGyzarFDeRJ61co
HvGWfpFUPuc4untRxOOw3IByu6D0Fe+ZDR5Ub+FwAugI7CN89d/1pEa+aIgw8jvz
Ma4VaRd/DdJ1cKRUT7xqEuNnPAj1FaX/JijtDQK/ZZgT1p11DE8tad2xHjUPFW/m
T3VtYBXGIVt/CfUyBpP/DNuNNxa7C1URcTDyXHPZM+tbXkqdAw52W3USF+FJ12SY
bOZBqSIjM75OoL/A0LzQNgzaCs+zm4qUGRoFvycfh2Dxgdi1uhVLVPD9F+brom5f
WX/9Pjp5D29jUIuxUeCJxU/+Usf8YVFwUNe+G1dENd4+myD5kcI4T2ZeeMZbSNja
HoK/utfh8TBrv4TTFt9o+zNz1vI8v1k5D6HgkFrNBuRepQ7sHM7QaoyI79tF9Nby
ewvwbasnKRaVbT+OiV7iytyt6/QsipBmCc+Ah2pfnXl1b2b7YgAbs6tA8No360KS
Pw/W6p0JfseQAWCBx83B++OM47vieopUQKQTbn1Me167r7AFCto2b4T98BDIIQdS
6Ef/DtqMlU3/+kUnmzsQLcGkzIyEb3xhrqnZ0UbtS4fV4HMXG0w=
=lpaU
-----END PGP SIGNATURE-----