A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Canonical: https://gmta.nl/.well-known/security.txt
Contact: mailto:jelle@gmta.nl
Encryption: https://gmta.nl/pgp-key.asc
Expires: 2026-12-01T23:11:00.000Z
Preferred-Languages: en,nl
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEMzU4qUF+KiLcRzi3Nx6RazhK3/YFAmkuIJ4ACgkQNx6RazhK
3/aKug/+Ov+GxE1xOxWOQDnDgC2Ep1f2fRpR0uXj6Ur4A6Ud26VMVjT7tyTzQ/Rf
sJlCqHJJEwnnAX5qaNMucAH8UwOv9XpPMcildwT/ecylJCfKIzjWpiiEr+tJzfpQ
aKRCVeMqdX86EMznMsEyr26wvdYVKATpEGojInc9ZU2tMdM20ma+UxX0b6/GE8va
XTrq+bmYcu93lw44EBupDlc8k4uxDFcnSQi1f2vbdccJMNx3OFE9v0kEsFRWzkIq
18v1G5OjupGXkg6BjyKgcbCYEbecUMLnQ2Bgu/DQaKYZmDPOx+qms2EFh60dIiHj
yV+EGHKirIqsNWmRIH2dUrEwYkwuPyGDL8qHJlwyBqN8AofraeQzMzPntZ3AYnWs
m0xc3Ey+exs7xXp2DAThuPC1WZBnMQuDyFpUjwXnoHhRH1/pb0bEWoW6gSTKPBYL
2jFnR1HaQbRLtNEOnq/LD8Ik4exLYWtonQPl0mo9psTmfvAO2H6ZBwWDIw4abM3e
teDPpvOjDNOXX9v/y6co5hC5dYAgWatpWxe5E+RGzp2X+aTnbKJjpsJRwFObTH+s
lf29RkAub1qa0+a57D0k4tJ09Up9hz3bkqW0TqTi9s3Xyy+LmyCtJBNUew8gTWuR
Fc43bFJVc+o5eNDw/8L2MKQVJ5O/iFOCdNIrWYeX/vZBeEJb0Ko=
=fhQr
-----END PGP SIGNATURE-----