Security & Responsible Disclosure
Voyages Indigenous Tourism Australia values the work performed by security professionals towards improving the security of our websites. While we take every effort to ensure the security of our websites we are dedicated to providing the appropriate framework to ensure the responsible disclosure of discovered vulnerabilities.
If you are a security professional and would like to report a security vulnerability, please send an email to: [email protected]. Please provide your name, contact information, and company name (if applicable) with each report. The report should contain the steps taken to reproduce the discovered security vulnerability. Please include your PGP public key with such reports where possible.
Responsible Disclosure Guidelines
We will investigate legitimate reports and make every effort to quickly correct any vulnerability. To encourage responsible reporting, we commit that we will not take legal action against you or ask law enforcement to investigate you if you comply with the following Responsible Disclosure Guidelines:
- Provide details of the vulnerability, including information needed to reproduce and validate the vulnerability and a Proof of Concept (POC)
- Make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our services
- Do not modify or access data that does not belong to you
- You do not perform any mass data extraction of the vulnerability
- Give us a reasonable time to correct the issue before making any information public
We will attempt to respond to your report within 1-5 business days.