A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# If you discover a security vulnerability on one of our websites please contact us

# Our responsible disclosure guidelines
Policy: https://www.nzta.govt.nz/about-us/about-this-site/responsible-disclosure-guidelines

# Our security email address
Contact: mailto:TeAukaha_DW_CyberSecuritySOC@nzta.govt.nz

# Our PGP key for the above email
Encryption: https://keyserver.ubuntu.com/pks/lookup?search=0xF7E1575776C3A7EB&fingerprint=on&op=index

Preferred-Languages: en

Expires: Fri, 01 Mar 2024 09:00:00 +1300