A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:guido@kroon.email
Expires: 2026-01-01T00:00:00.000Z
Encryption: https://kroon.email/pgp-key.txt
Encryption: dns:1275302e01cef631a7f8180c513d119a4e81fa7c160f337155da254d._openpgpkey.kroon.email.?type=OPENPGPKEY
Encryption: openpgp4fpr:2a9df1d597a0539033c9b3eb394c398c531efab0
Acknowledgments: https://kroon.email/hall-of-fame.html
Preferred-Languages: nl, en, sv
Canonical: https://kroon.email/.well-known/security.txt
Policy: https://kroon.email/security-policy.html
Hiring: https://kroon.email/jobs.html

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEKp3x1ZegU5AzybPrOUw5jFMe+rAFAmhRhdYACgkQOUw5jFMe
+rB9jQ//Xja09vj+kOoYKKxKzUDeQEi3iIQ8raPSPuKr3cfsADJb/3Q9rP1P0Qqq
FbAjbNqafJTSFTipEF7Ki9M/Q6QOEQwbBMF9fDmlsktTpUYgfvl9UPLAhIkgutsk
6yAKGu//YnBM6fkdfFTyCdMMEZzOwLGMohs3fKOR+inluNQJ6t0SGouJK0nmUmD1
gck+IXOr1rrVeGcGblHfAwvB9YPy4xj6k8JAWiqaw9lzKNDRl/aWD76SGzm6IAIE
ULUxvQSiLZPlfs2yswvAJSJ6IKFtQjFoNVdFmWcHryZE8rW1cSiRKNzicLXVxoLr
R+kAs5wwKIlJJg+pFa/XvBHU+ASWTGUiLpQHlHaraNInlumEFKEq56Aq+ij+XSUD
2UBxeGuni+nkQSLxVIj0QJtwBAhc0YIrb2mDscYZ5bv3q4fq6mtgWOASy0cJGyYQ
QKXsInY3ABCffPxQ7wdrW2ISDnv/c0goKVreiui7RP3N/7ZzeHhg9XwlTvWmRcwe
Uo2amPpv4F1iMkzqVPWzhIJqMdfSxwQ9wKOnUo+Mgpqs/pjIRJs9DDWhAhuZAngO
qU2DCW820tICnSpK1oRfUBs2sYGrAMuLMXkf/XSxKZOGWXOV2zOS+OYIeIaDlGAG
n9Z9Je6yV+fVmpwsh9Y0217LQ8hLKw+3mYIT1O3rrjrqD5rlp2Y=
=6Juo
-----END PGP SIGNATURE-----