A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

#
#    __  __       _   _     _
#   |  \/  |     | | | |   (_)
#   | \  / | __ _| |_| |__  _ ___  ___  _ __
#   | |\/| |/ _` | __| '_ \| / __|/ _ \| '_ \
#   | |  | | (_| | |_| | | | \__ \ (_) | | | |
#   |_|  |_|\__,_|\__|_| |_|_|___/\___/|_| |_|


# Thank you and acknowledgement
#
# Dear security researcher, we are most happy that you're taking the
# time to look at our security.txt, probably to identify who to contact
# with your findings.
#
# We would be very happy to receive your findings and possible recommendations.
# And in order to show our gratitude, we will mention you on our security.txt
# with the security issues that you raised.

# Our policy and our commitment to you
#
# Please feel free and invited to research our system. But please also keep
# the following pointers in mind:
# - Research to see if you can find a way in. When you do, please inform us
#   through mail, rather than leaving a message on the website. We will
#   consider this defacing of the site.
# - Please do not test our website by DDoS'ing it. That's not related to
#   website security but rather a game of bandwidth and filtering. We will
#   consider DDoS as an attack rather than research.
# - If you manage to find a way in, please leave the data intact, and don't
#   download all the data. That's not necessary to prove your point.
#   Downloading significant amounts of data, i.e. more than what's
#   reasonably needed to prove your point, will be considered data theft.
#
# In return, when you stick to these rules, we hereby promise you we will
# not only not take legal action, but rather be very happy with your input.
# If you're in the neighbourhood, please do feel free to drop by and claim
# your lunch with us, when you've reported a security issue!


# The formal bit
Contact: mailto:bas.vanderlinden@mathison.nl
Expires: 2025-09-01T10:00:00.000Z
Encryption: https://www.mathison.nl/pubkey.asc
Preferred-Languages: nl, en

# Thank you for reading, and thank  you even more for reporting
# security issues in our site!