A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256



Contact: mailto:security@nfir.nl
Expires: 2024-02-01T00:00:00.000Z
Encryption: https://www.nfir.nl/key.asc
Preferred-Languages: NL, EN
Canonical: https://www.nfir.nl/.well-known/security.txt
Policy: https://www.nfir.nl/responsible-disclosure/
Hiring: https://www.nfir.nl/vacatures/

-----BEGIN PGP SIGNATURE-----



iQIzBAEBCAAdFiEEM0jStSoA8NllwSaMkDEGAnhuhvUFAmUwGzoACgkQkDEGAnhu

hvWZTA/+N0PP5+x8sa/iqaxQkkRlUlhzixfNKijGLbOmUNW/oq3c+3leHjE75efX

fIpbrSEeDqPyLenDLbi57z12mm/aLy9K8RJCtN8cCzZMHp5ti6bNDHsjaIE9LWHk

tRT4LLyR4OOybCantlUU3VEOuOLGjc/TU7nHnqjxG6HniTK5cb3Y60GXCBasU6y0

CbOtOnFenKWG9DPTvSESDipd8SrShX0lYMaGIiauvjxtMXrTR/vGdRZXZomYBsID

5Poz1avQBTc+MUkoVTvl7+0ZzoU8IumrMoUCAERu8qkKqVzsgJAzJFOzootG4FKR

1HZdb30IEIj3bDBFQCGc5oW1oC+sOOMxaLHCQwH5ETP3QWS0G6fhQGRHSDpL/35z

AtvlDEskeRBKCPNQDNGCr/De+9wenx6M+hPDr1Kawy8heMf25TfoCODABYjCDJZZ

l9JX8AxZRrs/SSM4VMR8XegBAOuMWwN9PKkEU6ttnDgtMKyzS2cgmv+6RtuYDFX+

PZCr4rx8z5+4ogE6liRiJBaGLKcahqtNWBLz+Zr64F/7QdFBds3e1H4/33xH6Gtt

HUMwKvqDd5Mo3j+zNxJwhTDr5qbqFQrxdRcfqBUuspgcA1rCnEQgnYfGyksrA+Nk

nuC/Jr45POrzMqm3XFriQozd1dTvHO0cpBROYFeupgBL50nQwK0=

=uYTi

-----END PGP SIGNATURE-----