A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: https://www.kennisnet.nl/responsible-disclosure/
Expires: 2025-03-01T22:00:00.000Z
Encryption: https://www.kennisnet.nl/responsible-disclosure/pgp-key/
Canonical: https://kennisnet.nl/.well-known/security.txt
Canonical: https://www.kennisnet.nl/.well-known/security.txt

-----BEGIN PGP SIGNATURE-----

iQFKBAABCAA0FiEEr396uaPxyuMcWQ2q5Y0KyLQH6ysFAmWUCJYWHHNlY3VyaXR5
QGtlbm5pc25ldC5ubAAKCRDljQrItAfrK2pDB/9RPdtPqifAsv9BR6rEJillZrOV
X0DwnD4ofJFj4UC7gS3TOhNs3p6JbV7xkvKuID16o5OBjyb1tv4f1ujA1EIewbBi
AqCv1O1lPjbmb89Xq0PjscK90WwzTrBk6sBkjJZj2x+AMgK56fRoO3aHD6qxx/MU
nwogA0yxF2+gwtyzmAOm44IjsEEihm0O81zIli1I+xnflWIDVOexynIWI+x7/tok
SAhH/D27CT0GP8Db548dPmVctzOuc3kLqq+N19VJtzQw0CrZa0Lt3vg9b4ZovjE9
FVeEzKyf2i2lK/fBxs769cGT2+RNVr5Nb1O7lMdRt24SzC7b+JGM32I82dCA
=UFh8
-----END PGP SIGNATURE-----