A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

#
# SIDN Labs RFC 9116 security.txt
#
Canonical: https://example.nl/.well-known/security.txt
Canonical: https://www.example.nl/.well-known/security.txt

Expires: 2023-09-10T12:40:01+00:00

# If you would like to report a security issue please first read our
# responsible disclosure policy:
Policy: https://www.sidn.nl/en/cybersecurity/reporting-a-security-breach
Policy: https://www.sidn.nl/cybersecurity/beveiligingslek-melden

# Please always try to contact us through our responsible disclosure form
# to speed up things. Should that not be an option, then in order of
# preference the ways to contact us are:
Contact: https://www.sidn.nl/en/cybersecurity/reporting-a-security-breach
Contact: https://www.sidn.nl/cybersecurity/beveiligingslek-melden
Contact: mailto:csirt@sidn.nl
Contact: tel:+31263525500

# We do *not* use OpenPGP, so do *not* use the key that was used to sign this
# security.txt file for sending us messages. Use the S/MIME public key
# below instead:
Encryption: https://www.sidn.nl/.well-known/csirt_sidn_nl.crt

# We can offer you a swift and proper response in the following languages:
Preferred-Languages: nl, en

# Once a year we update our acknowledgement text file:
Acknowledgments: https://www.sidn.nl/.well-known/security_acknowledgements.txt

# If you think you'd like to join our team, please visit our job vacancy page:
Hiring: https://www.sidn.nl/en/work-at-sidn
Hiring: https://www.sidn.nl/werken-bij-sidn

# 
# 
#                           oooo$$$$$$$$$$$$oooo
#                       oo$$$$$$$$$$$$$$$$$$$$$$$$o
#                    oo$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$o         o$   $$ o$
#    o $ oo        o$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$o       $$ $$ $$o$
# oo $ $ "$      o$$$$$$$$$    $$$$$$$$$$$$$    $$$$$$$$$o       $$$o$$o$
# "$$$$$$o$     o$$$$$$$$$      $$$$$$$$$$$      $$$$$$$$$$o    $$$$$$$$
#   $$$$$$$    $$$$$$$$$$$      $$$$$$$$$$$      $$$$$$$$$$$$$$$$$$$$$$$
#   $$$$$$$$$$$$$$$$$$$$$$$    $$$$$$$$$$$$$    $$$$$$$$$$$$$$  """$$$
#    "$$$""""$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$     "$$$
#     $$$   o$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$     "$$$o
#    o$$"   $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$       $$$o
#    $$$    $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$" "$$$$$$ooooo$$$$o
#   o$$$oooo$$$$$  $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$   o$$$$$$$$$$$$$$$$$
#   $$$$$$$$"$$$$   $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$     $$$$""""""""
#  """"       $$$$    "$$$$$$$$$$$$$$$$$$$$$$$$$$$$"      o$$$
#             "$$$o     """$$$$$$$$$$$$$$$$$$"$$"         $$$
#               $$$o          "$$""$$$$$$""""           o$$$
#                $$$$o                                o$$$"
#                 "$$$$o      o$$$$$$o"$$$$o        o$$$$
#                   "$$$$$oo     ""$$$$o$$$$$o   o$$$$""
#                      ""$$$$$oooo  "$$$o$$$$$$$$$"""
#                         ""$$$$$$$oo $$$$$$$$$$
#                                 """"$$$$$$$$$$$
#                                     $$$$$$$$$$$$
#                                      $$$$$$$$$$"
#                                       "$$$""""
#
 
-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEqBlWML3MLPXggQLWVGgYZ0qTQKgFAmNEEqEACgkQVGgYZ0qT
QKhWFwv/b2yNowoEQ4CZiCFN/ij80OpbqEcPi0DqW2GRFR/I0TxLXt4SB4kJTWsY
IzjercbVkbDU/KRgnY52UAlw0k5LWwyeDSwMnB6l9S5kNYKPmCz78DpsSTZVDzQ8
mXTuY/ASCEz//emENSXauGs2J3WsRbnUAlYrdQsbtCdhjcgpHswjcNG7bScWOjfJ
7X4J9RUM+AzSF8GGyQnoda25qVvlWn3KlYQ5C+TMcROM8y7tp1wYfC7pmqfvv/qE
Z7Ae5SByxKJh+bMvJTJ7ApXVHKVrvEbmw+4kelTdJh0byH3jCVpYFFRjZ7v+cn04
n+ffSYTEeL/nNuS12iHfDmcqryFRhuRLZhDWsARxMCnK4ua4NB8LwiQ3uApGXZxo
o8L9BJsxEPHKKr632kpaTuQxPMvy2ncR3qp9kJZK2OCApuSMnWIel85pYjvZI6Im
Mqagwiovuqnj30h4FAReSEaMcsH2TwAd+XzmC/yyMpb0y4qmSodciwsKasXxFshw
ZmQP4nfS
=nVTc
-----END PGP SIGNATURE-----