A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# If you have discovered a technical vulnerability in an IT system of the Swiss Post,

# you can inform us via the listed email address.

# If you are interested in participating in the Swiss Post bug bounty programme you can find out more here:

# https://www.post.ch/en/about-us/responsibility/swiss-post-bug-bounty

# In case you do not want to register on the Bug Bounty platform, or your finding is "out of scope",

# please go here: https://vdp.post.ch/p/Information-Security



Contact: mailto:security@post.ch

Expires: 2028-02-19T12:29:19.000Z

Preferred-Languages: en, fr, de, it

Policy: https://vdp.post.ch/p/Information-Security