What this policy covers

This policy covers:

  • Any product or service developed and/or administered by Education Services Australia to which you have lawful access

This policy does not cover:

  • clickjacking
  • social engineering or phishing
  • weak or insecure SSL ciphers and certificates
  • denial of service (DoS)
  • physical attacks
  • attempts to modify or destroy data
  • actions that violate Australian law

How to report a vulnerability

To report a vulnerability, email [email protected].

Please include enough detail so we can reproduce your steps.

If you report a vulnerability under this policy, you must keep it confidential. Do not make your research public until we have finished investigating and fixed or mitigated the vulnerability.

What happens next

We will:

  • respond to your report within 5 business days
  • keep you informed of our progress
  • agree upon a date for public disclosure (if appropriate)
  • credit you as the person who discovered the vulnerability unless you prefer us not to.