A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# DDFR RFC 9116 security.txt
Contact: mailto:info@ddfr.nl
Contact: tel:+31588458000
Contact: https://portal.smartlockr.eu/uploadportal/7ldc4e#5aaac9d6b7d64525cfac9cd92a6e7a1e

Expires: 2025-01-23T23:00:00.000Z

# We can offer you a response in the following languages:
Preferred-Languages: en,nl

Canonical: https://ddfr.nl/.well-known/security.txt
Canonical: https://www.ddfr.nl/.well-known/security.txt

Encryption: https://ddfr.nl/pgp.asc

# If you would like to report a security issue please first read our responsible disclosure policy:
Policy: https://www.ddfr.nl/reporting-a-security-breach
Policy: https://www.ddfr.nl/beveiligingslek-melden

# If you think you'd like to join our team, please visit our job vacancy page:
Hiring: https://www.ddfr.nl/vacatures/
-----BEGIN PGP SIGNATURE-----

iQHBBAABCgArFiEERL6FBXjowk6kwpSDIWuHczSy3WYFAmWxGBsNHGluZm9AZGRm
ci5ubAAKCRAha4dzNLLdZkMkC/kBKSHftYgakI+4TNntPs6pt4/95OIL/rhvnHpH
8JKIAtkQqPwtTrQmz2jo1XYROXGQ+p88177etOPGMozdm3oe0JvNn3geuv9eSFLr
NgAOnbp7nw0gcW7VnXkkUKjldUhamSYNUADwmWDcsQXEWw4ahQfcUX/Kxa3Kwpbf
S/fYe/nXu5DrYXzbhLbr2Jcu/YCzMa2JOaBcABPd8dpTiyieDWou+l48mSvlen14
AQ8lOVLc1YhiT2o504fTXJDLc0TI9M5euwGxBcHWvKZYIhE/kfUxye7bV5fMYngG
tusQVFQFMbLwpXvug+GBlcShZZrwJAfbB1D/mR9h/aQNs1qhuxK+KdEWN+xs9i4k
MNFhWki/L3gYmb4Wkv9g0vE4I/jauGZ/Y7HCyn58o3/NFbxMH2pElpnv4BPMGJA/
rPI+pyQ7keBTcR1P/Fh0mBVSyjLZ6CVyp27gIcTr7VWX3lalFBwrI+sQyElG8t8J
AslUE0DTLz34YNRen4FuvKQRs3g=
=pFN3
-----END PGP SIGNATURE-----