A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Domeinen van RUG kunnen met een 302 redirect verwijzen naar het bestand
# op https://www.rug.nl/.well-known/security.txt.
# Daarin staat het centrale meldpunt voor kwetsbaarheden en incidenten.
#
# UG domains can use a 302 redirect to point to the file
# at https://www.rug.nl/.well-known/security.txt.
# That contains the central reporting point for vulnerabilities and incidents.
#
Contact: mailto:cert@rug.nl
Canonical: https://www.rug.nl/.well-known/security.txt
Preferred-Languages: nl, en
Encryption: https://www.rug.nl/.well-known/pgp-key.txt
Policy: https://www.rug.nl/about-ug/policy-and-strategy/privacy-and-security-at-the-ug/responsible-disclosure
Acknowledgments: https://www.rug.nl/about-ug/policy-and-strategy/privacy-and-security-at-the-ug/hall-of-fame
Hiring: https://www.rug.nl/about-ug/work-with-us/job-opportunities/
Expires: 2025-10-31T23:59:00.000Z
-----BEGIN PGP SIGNATURE-----

iIIEARYIACoWIQQs2rtIrJPRJXKnt8v2FT4PDupG1wUCZysyiQwcY2VydEBydWcu
bmwACgkQ9hU+Dw7qRtfZUgEAoJhvbbbfECRU/eOH4hf2eXyucsBv08Dpl03Fc4tL
VB8A/3yBzmYiekYeRiYPekTbSB2oLUi1V2iMQbtyxgaH9UoG
=3V6m
-----END PGP SIGNATURE-----