The New Zealand Internet Task Force (NZITF) has released guidelines on how New Zealanders and NZ companies can implement coordinated disclosure. These guidelines will help security researchers and organisations to work together when disclosing and addressing vulnerabilities in ICT systems.
New Zealand businesses and organisations do not want to have ICT systems (such as websites) with vulnerabilities in them. Security researchers want to be able to notify organisations of vulnerabilities they come across without fear of legal action or negative publicity. It is important that we are all clear about what is expected of us when disclosing a vulnerability or when someone contacts us with a vulnerability.
Because the NZITF has a broad membership of security professionals, we have designed these guidelines to give people an easy-to-use introduction to coordinated disclosure. Barry Brailey, the NZITF’s Chair, said “I hope the guidelines set some clear boundaries and ultimately make it easier for security professionals to work together and help improve New Zealand’s cyber security posture.”
To download a copy of the coordinated disclosure guidelines, visit our Resources page.
To contact us about a vulnerability, email us at disclosure[at]nzitf.org.nz.
Our PGP details are:
Key ID: 06A8A214
Fingerprint: DBBD 4DE3 5FDD CCC0 175C 03B4 6451 0C5E 06A8 A214