NZITF Co-ordinated Disclosure

The NZITF mission is to raise the cyber security posture of New Zealand. These Co-ordinated Disclosure guidelines are intended to improve information security throughout New Zealand by enabling organisations to become aware of the security vulnerabilities in their ICT systems and fix them, and encourage responsible behaviour from security researchers when a vulnerability is found.

We want to enable people who find vulnerabilities to approach ICT system owners in good faith without fear of reprisal. We believe organisations should be prepared for when they get a call from a finder and should have processes ready to deal with the situation. Because the NZITF has a broad membership of security professionals, we think that we can provide guidance that will add value, set some clear boundaries and make it easier for security professionals to work together and help improve cyber security in New Zealand

If you have a vulnerability that you would like to report through NZITF, email us at disclosure[at]nzitf.org.nz. If you would like to encrypt the information you send us, you can use our NZITF Disclosures PGP Public key to do so.

Our NZITF PGP Public Key details are:

• Key ID: 06A8A214

• Fingerprint: DBBD 4DE3 5FDD CCC0 175C 03B4 6451 0C5E 06A8 A214