A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Swedish Medical Products Agency, Läkemedelsverket
# Reporting security vulnerabilities to the Agency

# Please read the disclosure policy before testing or submitting reports to us
https://www.lakemedelsverket.se/en/security/responsible-disclosure

# Please send reports to:
Contact: mailto:csirt@lakemedelsverket.se
# PGP-key:
Encryption: https://www.lakemedelsverket.se/.well-known/public.pgp

Preferred-Languages: en, sv

# Hall of fame:
Acknowledgments: https://www.lakemedelsverket.se/en/security/thank-you

# Open positions:
Hiring: https://www.lakemedelsverket.se/sv/om-lakemedelsverket/jobba-pa-lakemedelsverket/lediga-jobb

Canonical: https://www.lakemedelsverket.se/.well-known/security.txt
Canonical: https://giftinformation.se/.well-known/security.txt
Canonical: https://lakemedelsboken.se/.well-known/security.txt
Expires: 2025-01-10T08:00:00.000Z

-----BEGIN PGP SIGNATURE-----

iJAEARYIADgWIQRYb0Zo8gh9owVN9+H3gygey15mHgUCZebTARocY3NpcnRAbGFr
ZW1lZGVsc3ZlcmtldC5zZQAKCRD3gygey15mHkZfAP4523STGd2qnCdijU5K2Qmh
jdW6wnT2XpnwWsPMml3pYAD7Bz/YcYdjWmbmzdcT+DZrRMLb7GjsSqzogx9mYPbt
kQE=
=IrGh
-----END PGP SIGNATURE-----