Australian Taxation Office
Did you know that the Australian Taxation Office has a Vulnerability Disclosure Program?
I was pretty excited when I stumbled across their VDP:
I reported a security vulnerability to the Australian Taxation Office! 🕵️
Australian Cyber Security Centre
It can be difficult to find the right person or team to escalate a security vulnerability to.
I have reported 20+ security vulnerabilities to service providers with critical infrastructure over the past few years.
When my usual approach of finding the right team does not work, I reach out to the Australian Cyber Security Centre (ACSC) for help.
I have escalated security vulnerabilities via the ACSC when there is a risk to critical infrastructure. Each time they have been responsive and made contact with the service provider or government department.
Vulnerability disclosure programs
I honestly would not have reported a vulnerability to the ATO if I had not stumbled across their vulnerability disclosure program. I had noticed the issue but it was not immediately obvious that it was an issue until now.
The vulnerability disclosure program made me think “Have I noticed anything dodgy with any of their systems?”.
Please consider setting up a vulnerability disclosure program to at least make it easier for security researchers to report what they have found.
Thanks ATO for having a VDP and for adding me to the hall of fame! 🥳