A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# If you have discovered a technical vulnerability in an IT system of the Swiss Post,
# you can inform us via the listed email address.
# If you are interested in participating in the Swiss Post bug bounty programme you can find out more here:
# https://www.post.ch/en/about-us/responsibility/swiss-post-bug-bounty
# In case you do not want to register on the Bug Bounty platform, or your finding is "out of scope",
# please go here: https://vdp.post.ch/p/Information-Security

Contact: mailto:security@post.ch
Expires: 2028-02-19T12:29:19.000Z
Preferred-Languages: en, fr, de, it
Policy: https://vdp.post.ch/p/Information-Security