A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# If you discover a security vulnerability on one of our websites please contact us

# Our responsible disclosure guidelines
Policy: https://www.nzta.govt.nz/about-us/about-this-site/responsible-disclosure-guidelines

# Our security email address
Contact: mailto:SecurityOperations@nzta.govt.nz

# Our PGP key for the above email - a CAPTCHA must be completed before the key is supplied
Encryption: https://keyserver2.pgp.com/vkd/SubmitSearch.event?SearchCriteria=securityoperations%40nzta.govt.nz

Preferred-Languages: en

Expires: Fri, 25 Mar 2026 09:00:00 +1300