If you spot a security flaw, tell CERT NZ

Neil Sanson
4 August 2017 at 11:36

Computer systems always seem to have problems and vulnerabilities. Some data breaches occur because of those vulnerabilities. If you spot a vulnerability or security flaw in a website, you can first report it to the organisation. They are generally happy to hear about a problem, so they can fix it.

Some organisations even publish a vulnerability disclosure policy that tells you how to report to them. For example, our office’s policy is here and our reasons are described in this blog post.

But you may find yourself in a situation where you do not want to have direct contact with the organisation. You might have had bad experiences in the past when reporting a problem. Or you might be concerned about how reporting a problem to an organisation might affect its dealings with you.

There have been cases where security researchers have received threatening legal letters for trying to do the right thing. Rather than take responsibility for the problem, an agency might try to blame the whistleblower.

In such cases, you need a trustworthy third party to pass the report on.

CERT NZ can act as that trusted third party for you. CERT NZ is a newly-established government clearing-house for reports of computer security incidents. It also gives support and guidance on computer security and incidents.

You can find out more about how CERT NZ passes on disclosures of vulnerabilities.

Image credit: CERT NZ
