A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Security.txt voor ditwerkt.nl
# Conform RFC 9116

Contact: mailto:info@ditwerkt.nl
Expires: 2026-03-18T06:16:28Z
Canonical: https://ditwerkt.nl/.well-known/security.txt
Canonical: https://www.ditwerkt.nl/.well-known/security.txt
Policy: https://ditwerkt.nl
Encryption: https://ditwerkt.nl/.well-known/pgp-key.txt
Preferred-Languages: nl, en
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEhaA7SBKCf7h3JubpjxedUWhcBJYFAmh55rwACgkQjxedUWhc
BJYhDAf7B2dzsdPqPBI/HINsfueJV2S1OLnISOvpgrvo6i9eyOgLBo0pI0rH+UwT
w8ZEYwVkAO/C1BPMmLtpRVk9lprGIXGOLtS09qAN1q9z+CyGx1DjdwpaL6Mijudp
uQ6bmp7L3QG7+hjOFOLfNdwpD8vxD7LYtFTWd9UlWMnzjshSSnZjIR5GeSQWX1iI
KCXs9jcZVV1OoaTJCIM4joLAsGa1qQiannP3nrSKKahO/DfCLuW0g6FuxN4VzVZX
nic46uK6ugWu+bxbsUNsX4tffXuXGQy/wtqNyRHkvYsrrX3UCz5GUfAubUPmOGxp
uYSDJKTrICxbNAcYaun+fCf6HlUEDg==
=BW3e
-----END PGP SIGNATURE-----