Coordinated vulnerability disclosure balances the needs of the public with the needs of the vendor. The public needs to both report and be informed of vulnerabilities. Vendors need to have time to respond to, and address, vulnerabilities.
Coordinated disclosure is useful if the finder of a vulnerability:
- doesn't want to contact the vendor themselves, or
- hasn't been successful in contacting the vendor directly.
You can report vulnerabilities to CERT NZ for coordinated disclosure.
To report a vulnerability, send a PGP-encrypted email to disclosure@ops.cert.govt.nz.
Our PGP fingerprint is 9713 8773 3D95 7FAD C0EA 1797 8EB8 FFBD D973 476E
Read our coordinated vulnerability disclosure policy before submitting a report.
Coordinated vulnerability disclosure policy