A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.
# # Hello! # Here is our RFC9116 compliant security.txt # Contact: mailto:firstname.lastname@example.org Expires: 2035-12-31T22:59:00.000Z Preferred-Languages: en,nl Policy: https://www.sidn.nl/en/cybersecurity/reporting-a-security-breach Hiring: https://www.sidn.nl/werken-bij-sidn
This policy crawled by Onyphe on the 2022-06-03 is sorted as securitytxt.