A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# If you discover a security vulnerability on one of our websites

# please contact us:



# Our responsible disclosure guidelines:

Policy: http://msd.govt.nz/about-msd-and-our-work/tools/responsible-disclosure-guidelines.html



# Our security email address

Contact: it_security@msd.govt.nz



# Our PGP key for the above email

Encryption: https://pgp.mit.edu/pks/lookup?op=get&search=0x4FF711A8795E7887



# Verify this security.txt file

Signature: https://msd.govt.nz/.well-known/security.txt.sig