A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:jeroen@karsies.nl
Expires: 2024-03-31T09:00:00.000Z
Encryption: https://carend.nl/.well-known/pgp.txt
Canonical: https://carend.nl/.well-known/security.txt
Preferred-Languages: en, nl
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEErnnzlabeqoii6v/bdMklZaf251wFAmRCuvwACgkQdMklZaf2
51wnNQ//TcMkZXVRQjdsNV5CIeg5Foz4pNM0j977e8Qms3cdnL8uB/4/ErCUKFpD
sMwmvhek91Csa12yXm8S2n31Hi7xSVwNq9F/iMDjuoGbeZxghC8ZHMrzBoFeiDK/
EsLODHv7lp9q1VWBmiggOuWg3M4YXm3DL2SC3pql7g5d3gQnIUuw7E8KTjyYNwI2
5GXt71eAAxt3ej9ESTd0h5L86652FsrYNmf/20Ln3lmULU1hcO3nTL4OCNNOLMMt
O0qjSRXKtxePoDVCDNtNKyrquvWlqkVVUQCp3neSUr/G50H9Z0Kq8iyk841fgV1b
uGm6zFdLRDOhy4rKwDDs0A2RNCTxGAWsCKi5l4EyKODmiCzqQfHsv6yDmTtD+RbT
Ih8LduTSfEg2KsZlI+G+2BmHnpj7l0HEYBCaSxpS2zy5+wtJE9tY3pRFe3IcfqvJ
3T5Oz5ludwGe4bnVdnmADoGKjd3CCHXhbtgfZiVnSMrIKeuNjP/CCF1ewATQGr66
gz7FSXnS6T5xa5DjRRkwuwSkfmMdmpsx+VUjP/obiL+T2uojWtQJUKaCRp3QZdWQ
w6ZDPdsNHk9yT8/s/GW9BAQaYyoghDQ56D2tRAr5YlB/ia1THp8HGPYMNCsmcQWU
aUq4Zv3yTxiirYzzD08VYm3CuAYWP8WcO82XLkMz3yxUaKagDl0=
=Lt91
-----END PGP SIGNATURE-----