InternetNZ is committed to resolving security vulnerabilities quickly and carefully. If you believe you have discovered a security related issue within our online systems, we appreciate your help in disclosing the issue with us responsibly and confidentially so that we can investigate and respond.
Contact us via email (email@example.com) with a detailed report of the potential vulnerability. If you believe the vulnerability is serious or there is a chance that email is insecure, then please encrypt the message with PGP. Our individual keys are listed on the team page and we will shortly publish details of our corporate key on this page.
This email should include as much of the following as possible:
Once submitted, we will acknowledge that we have received your report with a non-automated reply within 7 days and provide an outline response plan where applicable.
We will then review the information and work to validate the reported vulnerability. In the event that a true vulnerability is discovered we will complete the investigation and notify the reporter. Where appropriate the reporter will receive results of the vulnerability findings, a plan for resolution and plans for public disclosure.
We do not permit the following types of security research:
So that we may protect the security of our customers we request that any potential vulnerability that you believe you have discovered is not shared outside of trusted circles, until we have had the opportunity to research, respond and address the reported vulnerability and inform customers if needed. We also ask that you do not share or post any information belonging to our customers in any environment. We aim to address all valid vulnerabilities that are brought to our attention as quickly as possible.
If you act in good faith and follow this policy then we make the following commitments to you:
If you have any further questions or you wish to report a vulnerability, please contact firstname.lastname@example.org