A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# Please submit your findings securely, using encryption if possible, to enhance confidentiality.
# Include as much information as possible, IP adresses, screenshots, logs etc. We would like to replicate your finding and need as much information as possible to do so.

# Please note the expiration date of this file and avoid trusting it after it has expired, similar to how you wouldn't use medication past its expiration date.
# We might occasionally overlook things, yet we maintain a yearly scheduled update for this file to ensure its accuracy.
Expires: 2026-01-31
Contact: mailto:security@nhn.no

# Encrypt your data using our GPG key for secure transmission
# gpg --encrypt --armor --recipient 'security@nhn.no' [reportfile]
Encryption: https://nhn.no/.well-known/public-pgp-key.asc

# Your validated contributions will be recognized in our Hall of Fame, should you opt-in for acknowledgment.
Acknowledgments: https://nhn.no/.well-known/hall-of-fame.html

# For communication, please use Norwegian or English. We will respond in the language of your inquiry.
Preferred-Languages: no, en

# This document is accessible on the following sites
Canonical: https://nhn.no/.well-known/security.txt
Canonical: https://helsenorge.no/.well-known/security.txt

# Please review our policy and guidelines on vulnerability disclosure before conducting tests
Policy: https://nhn.no/.well-known/vulnerability-disclosure.html

# Join our dynamic team! If interested, apply with 'Åpen søknad [security.txt]' as your subject line."
Hiring: https://nhn.no/karriere

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEPGIIil7FxD7FH3xtKy/eLGqICw4FAmeaFLAACgkQKy/eLGqI
Cw6fQw/+Ip4PvR6cbV8z7TwO/YbYcK9MHQ3Bsl9RePjRL5eHYkCC4FmiXPCIN93j
uuwGHUZkVT9MurQ1UT3Gqvo5xgTIqtnGYQNxxocZAsKMYegvdlXiPQA1yd0iE8S9
Ro51zEBth305IUr2MDPOQjROZMuUd9Y5NiOqMMwhKzW37CO2xueq0udC5cEaOId4
gwmasMWeefjXO3W/oqlbxKq553SfC1PLNOOK82ysgz/FYh57oTe7dIqK68uAE2gE
2zckgL9NZneN9/YpinXdNxSg6NyGyeOSVX3EFq8y92K8YHeaRRIM3nkt6iyeF4ld
BZG1KB1VH3nT+Ekl1ZuNqq8Ydggp8/cYSXhN98S75UTgWNElPa1E6oTFiHzdbqXN
5Q7ckRK4V8hvYdSngx4gWVCvSvvo61F5Oux9FyKi5EUwpXMSbXEkSjZTzLN7nKBF
fw0lqoOb1PxXfyXZo6rLH0GrchDDZcVLifbHlbIatZ8dbmaykJ074gfyL+lvxI5d
AgpzYTv9rZvNCIceM6gDyO4MQGVeKK5krp75gWq/DD8CrED11nxqZumRGOqLYlTz
irqjN3RghnlegN7C1J5JXcoICJweG4SvbSQTLmY+umK+fmS4+rhKnTNC4PcVFFIx
+ZS/xt4FCNyik3dWPo6uKPlEuz0/NnD9iJS0T6dEzpXOgpFI1C4=
=6GC5
-----END PGP SIGNATURE-----