A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# Security.txt sagenn 
Contact: mailto:ciso@sagenn.nl
# OpenPGP key
Encryption: https:///mijn.sagenn.nl/.well-known/pgp-publickey.txt

Expires: 2026-06-16T06:00:00.000Z

Preferred-Languages: en,nl

Canonical: https://mijn.sagenn.nl/.well-known/security.txt
Policy: https://mijn.sagenn.nl/blobs/workflow/99749/2025/23/Responsible_disclosure_beleid_Sagenn_NL_en_Engels.pdf
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEExba7Ai7kZ6Vh3C/MlwTNYYtA07YFAmhQDQcACgkQlwTNYYtA
07Z6PBAAh7YF4+FjUu7Yxpej0/IslbJABQQhDJjDzMYsN49HwDYnISGEqwEgzEp1
peYfEqedbU6HoAOTF9ZPeznuIBLTfPY3ZfB7g9OT7LxEj4jOxIUzQ098e0iRpzJF
WS6V4jrAcar0ihNO2vK80tbAMTOClctGxx+jsEZhEZ7XT1w4nnL7O8ow0upeQXsN
YAEiXi0AeauIbrlGKHN6xWeGnxf39HD9JejEJKhqqsNLdHfvhUa+yf/thwHI2Feh
WBc1JjItE9ZXGR8wNuyMgDUroe2Y7sky3efOScSAAEJS/hjMuqBdUF384lih6Kdb
zHUUMCIK92xU7dt7OnZTaUWkfrNp1IMhwm6kpiHplcmfK5a3LzZDPzpgle/70BAd
Ojd0HdfVE8dmUs+MkKndCmZnDYsJkCabTWDcExGJI023T5fx9ZLgLbhIkmmcYSDr
R8CTaLxn+evsUtjtcGHWIVdQ7Ek8jv6gs3YCVZ7EOve5W4gvnV6Uww5rptDAPqK+
YRES44wJrFY/aNEvruks33FDwRI9r+tOxrtXA05sW/fDz7EEFg3hg/ryTAZZucvR
tR78R53G3AKVA3zp4x9EgoL5MJoyv3kdzLdxXPe4CLaP4G3hXIG/87B9aET85str
KGowg+NSWBR/i15I6nN3c8xXsPEstBhZHffbkQWuIpr4ZAECLDc=
=juxm
-----END PGP SIGNATURE-----