A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:security@cobytes.com
Canonical: https://www.cobytes.com/.well-known/security.txt
Policy: https://www.cobytes.com/privacybeleid/
Encryption: https://static.cobytes.com/security/security@cobytes.com.asc
Preferred-Languages: en, nl
Expires: 2026-03-20T10:00:00.000Z
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQQUMO8SeSxoOHslFzqSLrayxiHOWAUCZ9wPogAKCRCSLrayxiHO
WGZWAP9N6x/tViVn6PnkRZdBvtIN02Es5d6ilDowuZWb3pR70AD/bW/fTPDfNhNO
bwbWSE9v4YD/0hs3Rnfcr0WuaCKu1wY=
=BSCi
-----END PGP SIGNATURE-----