A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Canonical: http://tozai.nl/.well-known/security.txt
Canonical: http://www.tozai.nl/.well-known/security.txt
Canonical: http://service.intakt.com/securitytxt/generate.php?domain=tozai.nl
Expires: 2027-01-02T03:44:02+00:00

# Please always try to contact us through our online form to speed up things.
Contact: https://www.intakt.com/security-en?lang=1
Contact: https://www.intakt.com/security
Contact: mailto:security@intakt.com

# This is the PGP public key that we use to sign our security.txt.
# Do *not* use it to send encrypted mails to us.
Encryption: dns:2591d67d64ef2e80cde67d27b6510e61eca0b5b7f220a30cbaf0bcf0._openpgpkey.sidnlabs.nl.

# We can offer a proper response in the following languages:
Preferred-Languages: nl, en

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEMGPvLIRlMpS8l9NMf65g3vn+wPsFAmlXPwIACgkQf65g3vn+
wPv84A//ZOySJdwBbcGyBuRj3J1PW2zTC1c45rzoWgjA+Ym8f6sI5g8vvIkNLgdE
Vj4K2p+gUeh8hoDdUAqFUdf6gnnDwXj5SAd+6u3pW49Xj7v3rCYlrLS1FPuTvgpU
mqvI7hrzgnsg9z5rkWWwE+cYFjOk+XnownJPBVLGDJbwQGMzZrEcfHMBJWAjbsox
QK5WMGmSa/4zFFqYkZ5il1nBivsW3cQtpAelZM4TdA+ZzjjjaNlsBhQVqTKPxal9
zw0p4f2Ni50RhYgmigTWoTrIZ9vnfERkRXqJJlGYPu248qINQnzExiQtoBk+1i1/
GXCZ/1vbCOF9j6CRE6p/uvJjSj1ochndKNAE/rs9gCiV4kCVsPvWX2hpkZCnzVJh
8nHj9UavdQdxLAvzT5j+O2psGTvx59Fqg4EQJyLs7giN1NWXc0LItChuNNZxCBi5
4VJdhxgwspVuLErk1q83G052vpVJFraR36xfEqXjH/8ibkfg9cgiXym0EhaNNn6V
VIROFRW0Hq2Ni+XueUEDk2cJORaV7GY9OYqN/vOUN1Um82ocrUOqp5twbZYiGCLP
NlHngxm3eL9cou9nEDLB+Ro/mg3kDcldjUbJoB99mrQGkBUUqQ77sZR392w1v4ud
cIkukwqurQO9j8+JffMbRkhLQyUVu8pTRgCGHToWCqF+G9lXfTs=
=e0g/
-----END PGP SIGNATURE-----