A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

Contact: https://lucgommans.nl/email
Expires: 2028-01-01T00:00:00.000Z
Encryption: PGP key fingerprint 0x60CE8AF6E465D1CB52797CB1B52386467CE5CCB7
Preferred-Languages: nl, en
Policy: Normal responsible disclosure. You can always publicly talk about the bug after I fix it, which will typically be within a few days of me seeing your email. (Only if you abuse the weakness beyond what is necessary to demonstrate its existence or cause harm, I reserve the right to file a police report or seek damages.) Because I am not a commercial organisation, there is no budget for bug bounties, but you can expect my everlasting gratitude and a thank-you message on the website if you desire.