A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

#
# NotFound Digital Creativity RFC 9116 security.txt
#

Expires: 2023-12-31T23:00:01+00:00

Canonical: https://notfound.nl/.well-known/security.txt

Contact: mailto:security@notfound.nl
Contact: tel:+31655555111

Encryption: https://pgp.surfnet.nl/pks/lookup?op=get&search=0x4247477e96568b4685308b81578c3eabb35d7bb0

# We can offer you a swift and proper response in the following languages:
Preferred-Languages: nl, en
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEQkdHfpZWi0aFMIuBV4w+q7Nde7AFAmPrhdgACgkQV4w+q7Nd
e7B86Q//Xu0qWQk+UdkU8auUPwx5Mc51HBn3Q9+o1rgIPlxZ+8+acAYTganOK3cP
WfT1Xxuw9yglTDjAAahlrrazJPnePaPwUJODZ3Q04Bf0pUXfpvu3g0JB8eJm2HZX
3kQndmkbRfOD9QFhZvt4B+XG7A8aSd6Zco3LqkbbplPPf0DrvCqp9NGX0Mz+YTYH
d/EKPNM6atENx+4fKwLWBUQSKLSIq04nLR9Ao9NFS4FiqGXx2szmnnNYhaf2RCik
8y0MAAL54yKuv9mAxLxeRxiyJv3fW3qNcnQIeFuuv/yk0+1scXV0kqxc3Cd6NjMz
BwngooWV94VqWSv+EP3cmzzj8j3Cvr0tjj3mXX4Zn8QMMJouaga2r/mcm32n8pfr
ziG5kM5USzgqZ1JWIffX9FwVAx2d4odUjAlWzVVaMAsirWf19v95oaWB0q0nQz3Q
yNatYNYuAm2vlRMiRlJkSwpk3ZIbiGsLOeoFvFabBPj637XK8cZGxnohEtxgVOMh
4FkVVOlN5w5b27mAiN5EiiF9TaLlO5UKhIKhwBH12GfdaSRylrQmH/Y4nJIgY5U4
r/eiJG9sRnk2E9AI/D4ZLRY2eYFyZUKmktDLug56E13qqrE0LZni3w+0sFF7PovF
f/fZN15Ud/G5LPTKRZ3nWq4Nnm+H/tCVH5Od9YnPei7N9sV+Pf8=
=NPG/
-----END PGP SIGNATURE-----