A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# If you'd like to encrypt your message, please do so within the the body of the message.
# Our email system doesn't handle PGP-MIME well.
Contact: mailto:security@swoop.com.au

# All abuse reports should be submitted to our abuse email, do not encrypt messages to this address.
Contact: mailto:abuse@swoop.com.au

Preferred-Languages: en
 
Encryption: https://www.swoop.com.au/gpg/security-at-swoop-pubkey.txt
Canonical: https://www.swoop.com.au/.well-known/security.txt

Expires: 2028-03-28T02:20:07.547Z

-----BEGIN PGP SIGNATURE-----

iIwEARYKADQWIQS2m8IAEaks55BGQoucuSt9DdsowwUCZ+YHVxYcc2VjdXJpdHlA
c3dvb3AuY29tLmF1AAoJEJy5K30N2yjD1JkBAIK10K/K8wwqVhQB7vFarVfbGwm8
p8QCNmbStzFIzOq/AP99ySA1oEygiMOBHes15+fV4b8e9I1Oe/n2PbuPZsKPAQ==
=KmvD
-----END PGP SIGNATURE-----