Security Disclosure

We actively support and encourage industry disclosure of security vulnerabilities.

Signify takes the security of our applications very seriously. All software has vulnerabilities and it is how you deal with these vulnerabilities that is important.

We encourage all our clients to subscribe to regular security patching of their operating systems and applications. Sometimes, however, this may not be enough to fully eliminate issues.

We are happy to work with anyone who identifies an issue on a website that we manage or have built. We work with our clients to try to resolve any issues raised before they become problems. If you think you have identified an issue, please raise it with us using one of the methods below.

What is Responsible Disclosure?

Responsible disclosure is about:

  • Ensuring that vulnerabilities can be identified and eliminated effectively and efficiently for all parties

  • Minimising the risk to customers from vulnerabilities that could allow damage to their systems

  • Providing customers with sufficient information for them to evaluate the level of security in vendors' products

  • Providing the security community with the information necessary to develop tools and methods for identifying, managing, and reducing the risks of vulnerabilities in information technology

  • Minimising the amount of time and resources required to manage vulnerability information

  • Facilitating long-term research and development of techniques, products, and processes for avoiding or mitigating vulnerabilities

  • Minimising the amount of antagonism that often exists between parties as a result of different assumptions and expectations, due to the lack of consistent and explicit disclosure practices

How does Signify encourage Responsible Disclosure?

  • By encouraging you to contact us, providing as much or as little information as you like. If you would like to let Signify know of an issue anonymously, this is the direct way to do it.

  • You can complete the Disclosure form. Your name, email and contact number are optional.

  • You can email us at disclosure@signify.co.nz. Please provide us with as much information as possible to identify, recreate and solve this issue.

  • Or let us know about the issue by contacting the New Zealand Internet Task Force at disclosure@nzitf.org.nz. If you would like to stay anonymous, make sure you let them know. They will work with you to provide Signify with enough information to address the issue but nothing to identify you, unless you want to be identified.

Want to Know More?

The New Zealand Internet Task Force (NZITF) has released guidelines on how New Zealanders and NZ companies can implement coordinated disclosure.

These guidelines will help security researchers and organisations to work together when disclosing and addressing vulnerabilities in ICT systems.

Download the guideline from the NZITF on coordinated disclosure.


Report a vulnerability
