A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

# Our security address
Contact: mailto:security@hzeeland.nl

# Our OpenPGP key
Encryption: openpgp4fpr:7D55B928638ACF176A412477A0F667BCDC899C3F

# Our security policy
Policy: https://hz.nl/uploads/documents/1.4-Over-de-HZ/1.4.3.-Regelingen-en-documenten/NL/6.-Overige-regelingen/Overig/rfc2350-hz-csirt-20160610.txt

# Our preferred languages
Preferred-Languages: nl, en

# Location of this security.txt file
Canonical: https://hz.nl/.well-known/security.txt

Expires: 2024-12-08T13:00:00z
-----BEGIN PGP SIGNATURE-----

iQEcBAEBAgAGBQJjamV+AAoJEKD2Z7zciZw/P1QIAMgImxDa8UhvJ0ZjJJp8SlFd
KVRLmGPzZOKJeK4wNBt4HVKJCs3uCds5XdtGbcog5UYbxgt1lcu1fvAwtU5Trwgq
Is7HNsUdepbsEw+dvl6cpvtsycvqCPoEC3F9xjyGMolYofxb5oxvH7+cFuBiBP5N
vBVsydkzGsCq4/0836yoqzQCrFb8LQkzHYlNsj33QN28D8RXgdQDbnPuVbhUlPCF
yElXnESaHwQpKrjrWByIugj9Fjnr/VSeBK5u1Oq+we7VknAshABG6ah40E3tuKg0
BkJwdwBE5KFRdrt6tS6tN8hNwoRVMVkp4ey52JKRr0gSQvFlNLFSf8BXJwKq/r0=
=zZw+
-----END PGP SIGNATURE-----