A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must therefore be easy to find, and a security.txt notice is a simple way to publish it.
# B06A
Canonical: https://www.broersma.com/.well-known/security.txt
Expires: 2025-05-30T13:37:00Z
Preferred-Languages: en, nl
# The order of the Contact fields indicate the priority
# 1. Personal email address can be found here (for logged in users):
Contact: https://github.com/bwbroersma/
# 2. DM via Twitter (for logged in users):
Contact: https://twitter.com/messages/compose?recipient_id=34784173&text=CVE%20via%20security.txt%0ddomain/url:%20%0dissue/vulnerability:%20
Contact: https://twitter.com/bwbroersma
# 3. Fallback generic (spammy) email adress:
Contact: mailto:operations@b06a.net
This policy, crawled by Onyphe on 2023-05-31, is sorted as securitytxt.
FireBounty © 2015-2025