A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Security address
Contact: mailto:security@unive.nl

# OpenPGP key
Encryption: https://unive.nl/.well-known/pgp-publickey.txt

# Expiration of security.txt file
Expires: 2027-01-31T22:59:00.000Z

# Privacy Policy
Policy: https://www.unive.nl/kwetsbaarheid-melden

# Languages
Preferred-Languages: EN, NL
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEvov98fSIp+U+L6qnjv0GJhBdcYsFAmlbeu4ACgkQjv0GJhBd
cYsA1g/6Am4A41ql3QgNkWktjPU2kKFTot8UMv96rBWfU/MIk88lkGignHPAIN+6
fVQh16Kxqob6HJyEEdDd1x2mIe3cXKsrDxb8n0HIJRyUbWLxB+bHOGGwGsnFydhL
ePN/rLuqWa4SsKfO8Ek90BbqCixSaLYkBDVf5E7rpMYhy/94eswbFQ75tIyXzzI0
Dwcyoc836tnIQg37pJdBK/NYh0XfmbNhQGLDmRnC0TGhLIGr71+J2YKaZ4rPWkt3
QjDnpFRcwNokYm/mh66vcc5GWWYDn6M0xSNVSU/1UURPap9mOUIp5n1TU+ZcILVI
n/t8Tiy2kQO5UO6viuGfoczWHv/B1kD6d5dCI8nsgsCIEc7gSuwcIEdIjDxhLeaW
zF9+YOIhiqpFZEmu9gC+uXHOMZG325ZtmqSxxlVq7yltT09eROOENFsXeeJYXMGb
YdjcY8Hcj1tIC1bxPIAP/otBMc58qdUuHX+9pauxuVKgZZtlDc4To4yyC90X0s68
Paepv1fqWyk1qx38TbM90AaN8AIewIT9DTRvMquwdmE/wrLYo3jl4AI8Jy0qrWKS
pxODiE0TbyTzGuwK7+vVQ1H4tu7W6/TUH5z4dioE30F5kpJ3OReWAywjS6NA21P2
DEbZSrVRFSh/2UyF+HU3FMIbTwYpZZnumudUhSFYG2MIQcMgm7o=
=Lz9r
-----END PGP SIGNATURE-----