Vulnerability Disclosure Policy

Page last updated: Friday, 15 December 2023 - 3:56pm

How to report a vulnerability

To report a vulnerability, please submit all reports to

To expedite the triaging and prioritisation of submission, your reports should:

  • Describe where the vulnerability was discovered and the potential impact of exploitation.
  • Include enough detail so we can reproduce your steps. Screenshots and proof of concept code are helpful.

What happens next

We will coordinate with you as openly and as quickly as possible during the remediation of any identified vulnerabilities.

We will:

  • Respond to your report within 5 business days.
  • Keep you informed throughout DPIRD's internal investigation and remediation (if required) of the identified vulnerability.
  • Agree on a date for public disclosure.
  • Credit you as the person who discovered the vulnerability unless you prefer to remain anonymous.