A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:secure@pkisigning.nl
Expires: 2023-12-31T22:59:00.000Z
Encryption: https://pgp.surfnet.nl/pks/lookup?op=get&search=0x1e68ff9c44d31005
Preferred-Languages: nl, en
Policy: https://www.pkisigning.nl/security-en-privacy/#rd
Canonical: https://pkisigning.nl/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEuVBhKdJt3x7LkQC3B/dvQW7ll/0FAmO2wQMACgkQB/dvQW7l
l/0HNhAAkx4bnw4x2YFVTn7QnYvii5/VYQlDnXCBcsPhd5WB7osDBx803+nYE1RQ
cxzFMvB6pBKCqIaPb+oYZTyLcDnWrBKg1G6beO1sbNTfTyROqzxE8/NxwcBKmyG+
OdsNxiP/Uj8+gIBJQCQD5DwMJhUGgVoC2IB1nzitz4/C1/V966T/fzUAK8IUIJai
wHMFw06cVg1AGJBPBi0/qLkOo75/7e7FD8KpPF2aUyDZiGUV9GswPD+OOIsneUkm
V9DPSozbFQtpbATDcgV3fUQo9F2gnvmP+Pxm1vFps+T2/CviCr9x9+tJSSqfh3hZ
i6UXi670fHIumyGQjZ4fzh730N3XdQyi7WhndaIcXSQZZ3JMG92DmiYedfSRidcw
HUZaDJzjH0f1LtyClTpLgNan7UFtP/4H8N4de9N35xQktJQayH/Z0thWlDP1rS5y
K9ngGlPhxcSJ2OWzGWeUJnc8QdXpdXBvMnblF3MtZ1gSLE/xVN6z1zOK2pDWt08d
CoBZgfBVC/0FZL51TXGtXUBBaJwducy8MlGsL+GLQ2weHOXPiaO6GeEj6CcRdOvf
BeACVy317kSCBdd8zIRfI5SbRwoMyCAF5aYXq5dyWTHgewCx/oxZzXoWsn4wxLJm
TwFBlW9F/EeWCgFojTA4Uuyas1Nc3P1AZHRHPn3mM4hpRGAuvb8=
=gYzq
-----END PGP SIGNATURE-----