What this policy covers
This policy covers:
- Any product or service developed and/or administered by Education Services Australia to which you have lawful access
This policy does not cover:
- clickjacking
- social engineering or phishing
- weak or insecure SSL ciphers and certificates
- denial of service (DoS)
- physical attacks
- attempts to modify or destroy data
- actions that violate Australian law
How to report a vulnerability
To report a vulnerability, email [email protected].
Please include enough detail so we can reproduce your steps.
If you report a vulnerability under this policy, you must keep it confidential. Do not make your research public until we have finished investigating and fixed or mitigated the vulnerability.
What happens next
We will:
- respond to your report within 5 business days
- keep you informed of our progress
- agree upon a date for public disclosure (if appropriate)
- credit you as the person who discovered the vulnerability unless you prefer us not to.