A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# If you'd like to encrypt your message, please do so within the the body of the message.
# Our email system doesn't handle PGP-MIME well.
Contact: mailto:security@swoop.com.au

# All abuse reports should be submitted to our abuse email, do not encrypt messages to this address.
Contact: mailto:abuse@swoop.com.au

Preferred-Languages: en
 
Encryption: https://www.swoop.com.au/gpg/security-at-swoop-pubkey.txt
Canonical: https://www.swoop.com.au/.well-known/security.txt

Expires: 2028-08-25T07:41:35.661Z

-----BEGIN PGP SIGNATURE-----

iIwEARYKADQWIQS2m8IAEaks55BGQoucuSt9DdsowwUCaKwTrxYcc2VjdXJpdHlA
c3dvb3AuY29tLmF1AAoJEJy5K30N2yjDzAYA/iCjKGuHU2XSaZaXTjJNHBOJyVnk
j8KoOSAE0mSWs0rqAPoDJXZJkteAuYRCKcJW3QSXyl9AkHnH6cPcJbQxDVdGCw==
=/q2G
-----END PGP SIGNATURE-----