A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: https://assets.w3.tue.nl/w/fileadmin/content/universiteit/diensten/IMS/RFC2350_1.9.pdf
Expires: 2026-01-30T11:00:00.000Z
Preferred-Languages: en, nl
Canonical: https://tue.nl/.well-known/security.txt
Policy: https://assets.w3.tue.nl/w/fileadmin/content/universiteit/diensten/IMS/RFC2350_1.9.pdf
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEC8UOcFdRPXzrXCO7IbTdhBG3wnYFAme0hYoACgkQIbTdhBG3
wnZ/vxAAvi0V/FSyludhvvY8emarAA1mqgKEimQwyAA81b5xMAzZXvLantzec9h4
8zDE7+WYMYxGKYX3RgNT2ph0IAMqyixd/9Flal0qY7ZMe3e3B96rCc8BNcAivoKj
6nOiR3vbdiZMxvf16BZ97Sq7bIaxgT/dRNeig4+AF4zARWcwf29JyemUMJ1dkQQV
D+w6l3b8DIzE5DJbe6bjN7MGILuiaF7TeQHjA64d6BJA2eUH+HelCL7lW7dOa7Gx
AXQOCPd/qAQU9ZZ+gKdRwT5sZOB1QKPd7FdROWRCAGx/jTPGGz/OjTp+JE5fESaY
lmdIObdT/MsJsMukpg3JTxKbvEdBrtUVvk3NmKd9e7kPn4F+1AIarKBP/NlrVAXW
ylqTJaTfcbuTJgAy5NIEZWljgLNYsEgxHmZ7EZYXS7BJqbtrSSDlhF5gdFUZ4FoP
9vjrTrND5x8iE95DL1crvtZutM0SPJhxVP/9JsR+Pm2ACkORsvv0H0TVrcbL0JtT
LmoQCxRqfCE+3eqbMi3plgPzwKCDG+oXq+BIUjcjMIuimunWTcmYdqo+BD1vyAuu
oYfdTABJVG7wYe0pDlqQXrCB7GzUERmQOBwduxFcaUQP3RJiCOV8wmAcTWjlHGIE
lhDSzzV0wSDXLQLnpB5tRIdBZzwgaGDYGLqTuug7Tqzm53CL+20=
=j0Lr
-----END PGP SIGNATURE-----