A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

# Hi there, thanks for taking an interest in zorg en zekerheid security! 
# If you think you found a issue or vulnerability, please let us know.

# You shouldn't trust this file, once it has expired (like bad milk).
# We are sometimes a bit forgetful, but we do have an annual re-occuring task to keep this file up-to-date.
Expires: 2024-08-20T22:24:50z

# Please always try to contact us through our responsible disclosure form to speed up things.
# Should that not be an option, then in order of preference the ways to contact us:
Contact: mailto:cybersecurity@zorgenzekerheid.nl
Canonical: https://www.zorgenzekerheid.nl/.well-known/security.txt

# You can find the csirt@zorgenzekerheid.nl PGP key in our DNS zone.
Encryption: https://www.zorgenzekerheid.nl/.well-known/PublicPGPKey.txt

# We can offer you a proper response in the following languages:
Preferred-Languages: nl, en

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBAgAGBQJl1SbOAAoJEOouUhBgPd1Y0YoP/AqV2K/DAfpMTtLYLKwNZyn1
TdruC39xqUjJMimolOKVCjvlWu3oiKkz1Iw90cRqZaDPuJvZvpqqHbisvlLmzR/A
PEBOFaYzGuIpejdIn25DyQjydBEVJKtiga5xnUFkQaQTRF0g5NjbklLo2lY88WgQ
oKopdnnmpXFrPhdYps/a+ikvzCAUN82WHBVFUedgTARyKNqGmqYiAd1a2Qc9Rt5H
W3AqIiKDIJly63ZNn1lEWhqZVEoYiY+/9mjivw3MsLw2SDcO9nmh1P4eVvvshrXF
7gUjA5g7qVo3FKhHKEyKchQA9zqKakDVqfs9Xkj1RtImud34Jc4wNsHPJ+oDOzVt
7hWkZ6Y8Pi3pPu/aLEiTmBuMTX1Vm8yt86FlISrtrAP8m57pxJXxhkbZmRK6GFNf
ktt8ATRBx7Eg2buPmTOU1eVNU/axD5C6rePsYA8NOaNN+9u3202fUPdvrgiYA1gb
pXdOQzz6c2RryVUSCtbcrBQVjDbA4R4g5Nc3Y338UpHmXCsMjf6hgw5Mc7OmwSJ9
dzf+u1GTt1AkxU2Y0VwJSAkh5ltAic1hqS+VkBKrclcMjTHQhmdKGPPOnYk+bFPC
5MnxTXq54gAXt+33trhuGEkhIa07b/YhAdtEevne1Y7niM35ViDVIJ7pdPTg5+aq
NyNyXJAt6oxHvPWlghkt
=3NUC
-----END PGP SIGNATURE-----