Protecting your information is our top priority. At Austrade, we strive to make our products and services safe and secure, but despite our best efforts, they may still be vulnerable.
The purpose of this policy is to enable security researchers and others to share their vulnerability findings with us. If you think you have found a potential vulnerability in an Austrade ICT product or service, please let us know as soon as possible.
As a government agency, we cannot compensate you for finding security vulnerabilities, whether potential or confirmed, nor will we publish the names or details of anyone who reports them to us. But you can be assured that your contribution to the public good is immensely appreciated.
This policy covers information and communications technology (ICT) products or services owned or operated by the Australian Trade and Investment Commission (Austrade) to which you have lawful access.
This policy does NOT cover or authorise:
This policy does not authorise individuals or groups to undertake hacking or penetration testing against Austrade ICT systems or to engage in any other action that is unlawful or contrary to legally enforceable terms and conditions for using a product or service.
How to report a vulnerability
To report a security vulnerability, please use the vulnerability disclosure form on the Austrade website. Provide enough detail so that we can reproduce your steps and confirm the vulnerability. Where feasible, please provide the following information:
Please keep your findings confidential. Do not make your research public until we have fixed or mitigated the vulnerability and agreed upon a disclosure date.