A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# security.txt for https://zgem.nl/
# Well-known location: https://zgem.nl/.well-known/security.txt

Contact: mailto:cvd@z-cert.nl
Expires: 2026-10-10T23:59:59.000Z
Encryption: https://www.z-cert.nl/pgp/
Preferred-Languages: en,nl
Policy: https://www.zgem.nl/cvd
Policy: https://z-cert.nl/kwetsbaarheid-melden/
Acknowledgments: https://z-cert.nl/kwetsbaarheid-melden/hall-of-fame

-----BEGIN PGP SIGNATURE-----

iQJDBAEBCgAtFiEE9DgScEWriJxg/9cV+ILslBnGrFMFAmfS3tgPHGNlcnRAei1j
ZXJ0Lm5sAAoJEPiC7JQZxqxTPwMP/ibksnbeZ25d5EIaPXQQSBVUC2Nmn7F0ZDe4
Qcr02uXjC+RbweuNb8RD2dMmXgPgE4CBHly1l72IvdHKS0B5bWXG7SpDoXQ0WWvD
gQ8YeEUjzd4yMT21VShAZ4uuWAkliY3B2wPW3gqnSfrWJjcCDMFi4gLk0sf/52JR
WOJuNQXwtrbYZGGI7DBnRj7KPDh9IGw36DZh4jsf2Di8yZV6nTWTaDlMY6CK8ziQ
O/596M+G0p1tJw4hNXvriBj/C+Wl+BwbbuOsKGtGiFjLHSSXAKktFIyGny+ldty+
nRl5JuowfBtePqsLDFjhZHQiNVOyAw/lv+pMij5XbcoiFsofZ76bvrz2SwNSutBJ
JAGCDsaq6Kj/E8/N3G//qq7AZhBjQ1cvLIUsXzt7JCBzwxKnVUam0c2JClfT1yW/
s2NfAg4mihBM32+21CFSE10scjaPmPU5uaG68czMezuRBEg8KLJ2Ka5p8UL6oDvU
ZtUEdpnntUX+2l7MM58xzcxTJWFd2vK0w4W5+/FMD/eHQgs7hj2m9H2BGzDmJJtQ
OmiPILoqPpz/IGwPwK3fts0wql082vRgCyfTIHFT0SrWET51rmUwrCVG+qMK31XM
BOZaEOwAsrA3FO/OqUgIxDKT33bLNEayIbVFxTqfeoQhX31d+er1gsWBwBquXQyt
eUl0ulKN
=FooE
-----END PGP SIGNATURE-----