A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Systemmatic BV RFC 9116 security.txt

Contact: mailto:info@systemmatic.nl
Contact: https://systemmatic.nl/contact-us/
Contact: tel:+1234567890 (for urgent issues)
Encryption: https://systemmatic.nl/pgp-key.txt

# Expiry date
Expires: 2024-08-14T23:59:00.000Z

# Please review our security policy before reporting a security issue
Policy: https://systemmatic.nl/security-policy/

# We can offer you a swift and proper response in the following languages:
Preferred-Languages: en, nl

# Location of security.txt
Canonical: https://systemmatic.nl/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEE+daNyOfPfVxjroidwYb1GZthAmoFAmUJeVQACgkQwYb1GZth
Ampl0Af/ceSnTuoL1j/tjTkP2XepsdW++XHxK2N5vxBckpFLylAf2GXvtiMwXQYK
7jm7o+YGYhfwNviJBpn8/JgqqjiLA2+2mbwm3Sd0ja2WqrYtU8rkvrIcSlWJawxY
tOXsZr/l5rn1ukmDRQA2v5KEkpdjiG/6uqOa99uYRK0zmxpwOjzYgNaocV/59sDj
Pe+h3rm15famv3m66FaRYdbTMJ2GmpRpfPxC0zpZriRIhjYetLigYvt7Pjs+ws3j
cFBn0sSez1xCKOqG9stPCqjV0Gk5Pbiv0qqbF0W4kE4dJ6GsYY88f2HHuXhw2jMS
paLkDK8NR7B92+8mFp7RayGG5ttB7Q==
=bg4M
-----END PGP SIGNATURE-----