News Own Your Online External Link Report it
News Own Your Online External Link
  1. Welcome to the National Cyber Security Centre
  2. Report it
  3. Coordinated vulnerability disclosure

Te whāki ngoikoretanga reretahi Coordinated vulnerability disclosure

A vulnerability is a weakness in software, hardware, or an online service. Vulnerabilities can be exploited to damage a system or access information.

If you find a vulnerability in a service or product, NCSC can help you communicate with the vendor whose systems are affected. This is known as coordinated disclosure.

Coordinated vulnerability disclosure balances the needs of the public with the needs of the vendor. The public needs to both report and be informed of vulnerabilities. Vendors need to have time to respond to, and address, vulnerabilities.

It's useful if the finder of a vulnerability:

  • doesn't want to contact the vendor themselves, or
  • hasn't been successful in contacting the vendor directly.

You can report vulnerabilities to the NCSC for coordinated disclosure.

To report a vulnerability, send a PGP encrypted email to disclosures@ncsc.govt.nz.

Our PGP fingerprint is 9713 8773 3D95 7FAD C0EA 1797 8EB8 FFBD D973 476E.

More information

Coordinated vulnerability disclosure policy

How to report a vulnerability guide