Coordinated Disclosure Policy

If you encounter a security-related issue within any of our online systems, please inform us immediately so we can conduct an investigation and rectify the matter.
There are some things we ask you to do - and not to do. 
Your cooperation with our vulnerability disclosure policy means we can protect you and our customers. And fix the issue as quickly as possible.

 

What you need to do

  • Notify us. You can email our security team security@fluxfederation.com
  • If you’re concerned about email security you can send a PGP encrypted message with the key below.
  • Tell us as much as you can about the issue, including:
    - type of vulnerability
    - whether the information has been published or shared with others
    - step-by-step instructions or proof of concept to replicate the issue.

What you need to do

We ask that you do not:
  • share the vulnerability with anyone except us
  • share any information belonging to our customers.

Our commitment to you

If you follow our requests and act in good faith we will:
  • reply to you within 7 days to confirm we’ve received your email
  • outline our planned response
  • investigate and fix the issue as quickly as possible
  • if appropriate, let you know the results of our investigations and how we plan to publicly disclose the issue
  • only share the information you give us with our suppliers if it affects them - otherwise we’ll keep it confidential within InternetNZ
  • If you find a significant vulnerability we’ll publicly acknowledge your contribution to keeping our online systems secure.

We will not initiate legal action against any security researchers who follow our requests and act in good faith.

Acting in good faith includes not carrying out any security research with the aim of:

  • causing or attempting to cause a Denial of Service (DoS) condition
  • accessing or attempting to access data or information that doesn’t belong to you
  • destroying, corrupting - or attempting to destroy or corrupt - data or information that doesn’t belong to you.

Need more information?

Please contact us if you need more information or have any questions.

You can email our security team. If you’re concerned about email security you can send a PGP encrypted message with this key:


-----BEGIN PGP PUBLIC KEY BLOCK-----

mQGNBGa71ncBDAC+CytrEA1sGsW57ZDGUGu1V4ge+OCqhtpTO3M8JJ3NnhdAldd3
L/5tszLRfXJkMz20Xc3EcLj96N/6tUWE2m/nFmOJKWVoa7ur083L3f9tY9j57wep
L8Hx1/g8ty8os7wIDTTBYxVJRyzgPlt7gaAicaDG8UGj1++2sE1yq8neBhY7IRqC
3nUqpM2dXBjatrSf/Tw3LAz57R+pFrhn1RHqK5m5AaqaP9ltqPh2trDXqE6AsEF1
BfWQvAo1NmYgSYe++RiavAKdoGP5IBDu+F9PnDzCUB+qDlVVuAFeBQSgZtTBQbvJ
2XTWDQcW0IsAFfMRzJGCS0LsuQ5YoKe2LnIY5wtIu05H2ECLA8ZJhHRWa4cYy4ly
DoTPyC2Rf6jxMW0gBJDOJ/LeQUaL5lJ0hjpTc5nJB3UkLgKv/bXqIMLf+GSvPlPM
+F/AO/D4qjrG4ZtFc7XPNF5U390GXBT79XD4ZKbyN+d0t+Pv9bx0WpdAhQrO3Xzw
8wGyogHS5bcqntkAEQEAAbRBc2VjdXJpdHkgKHVzZWQgZm9yIHZ1bG4gZGlzY2xv
c3VyZSkgPHNlY3VyaXR5QGZsdXhmZWRlcmF0aW9uLmNvbT6JAc4EEwEKADgWIQSN
O8hwvXQnRRaNS+q28dbinm+2IgUCZrvWdwIbAwULCQgHAgYVCgkICwIEFgIDAQIe
AQIXgAAKCRC28dbinm+2InB/C/42LPmKdasHUwSTa1MGBBqh5aMKMZONyZWHGQrL
czKBhySFFGHh7gozRMuoWNpCeM4rsmrAe16IeG5GdZSRNwvd9r0upQCcfUPLEic6
vC6RpXN3ZWb6PFohzTLZcQ1ZMRyPhvsp336ga0fjGoXRfzX0E4l7tzBRf6GS+IZ1
MjEpgUHserSQ7CrbnAkV0Z5shmWsmPAO7qt2T25SNTYgDAN12HruHlkvZnLqo9x6
bpMiveGQ285Iyh463MNusLEjlQ8cExoAcce5ngHN0+yzf8L/N2slerqVfZvj48af
CYYmqVvA8rIDI6WNhdNvVMgwgGsdl8uH/pqZYJgPuA6w4uOcIx6lL3qmQvEbD2w5
lgL52rXpORp9I7OBMvg77fJ0ji/v7BJoXOKloRztye5IRbtnmNQm4HHYPFmMO5zg
u4DtarQ7jn2KOIzVBzmIU4dlbccVzCqwHsi0IxKAlPViSZ0WYemczqIYglYho6WK
LVeGAhjWBp56uTQRdpDHrmIIKpq5AY0EZrvWdwEMAL18cz+dtTxjPzWmWdQk/I8h
kNl/bbbN3UvH+JyZzx3qB3A1WoYshzGsrrzEOK7efd1UUnenE+YWMgkd06sJ+tGO
hHIokL+Wuv8JlSMjulg0wwjA1HrtLOn0TfyHzTmq4L/mOTZADUCsjMvwqc2PWutx
eCX2EfTqX1NGcAKVZNa0+WI+IEjExEIG/CwirMZOaQrOn3eL0OFYva4nBoP0s5Px
12nRYdq+uVhVsN5bvNqwMhm/pN5Z8bRE0QUPiyuMOc1HHSTln0k33rXNL4i1D9Mn
DgFJ10IxqxN/KaEepic6neeKO07iNiN5umHFg7HEOqW2/xp3B1LJOtVBVDs7tW4j
qtANHK4nZwyMDsObTZU6NG9zqjeothkcYibhamo+hLBVL8QXYcCyRJUpyJxnFF31
9LeqfZl+tOsBkGBRVgu/quczQfx1d5UXAfJBp01t+Yg6xbfxzhKHrWyKbCkKWJqA
l1jW+IL626uAIqvpqg20+uOKsp3YctqVgehcXP3hAwARAQABiQG2BBgBCgAgFiEE
jTvIcL10J0UWjUvqtvHW4p5vtiIFAma71ncCGwwACgkQtvHW4p5vtiLK/wv/Ypyb
VhO1Qg/Ec2zZ4fZm/O3hkr8IkI7KZ26zur6o87RK9Y6MZBMIMdZo+mjRBLmLHoiG
P0cdRMDt65FJRyP/T8DULV96ZaMQLNRdRQPPjs7fGnT/Op2XyWp2HCci/JjNoxTZ
21+lkxEIbNjfOlEYC8jpYaIrScQ6QmNs+neZ5zliJy1XYm4bjCwpATuMh6TTbo+0
SDTSBVWFAgrVeKCFZt4tDxjSLD15AAnrKl1F4BR7z7MwczDHVLXcjaiYmTmXDlLp
AJEqdjYFxeug2CBZbKGZwZ1ActtTEUT01aX5Fp0TlFgf4v5zrvB7qFQ2E7ymFdWR
6lPE27juawtlfXM/Rq2SiUSP2VNce62vvlyvXBpfBmSyEabBsEWtq6tRS4PiTzVk
yf1MOdSOj+0ofxze56N4s8YCT6iNM/ZAoNz4aXnPHe77iyzVZR38NRIP7EQ/wZdb
DfFZ3Iw/jLQP2BpTcgSgOgzXoz5XCHp3uSOcws5i3iDCeGpVkANOrYFoD7IQ
=dWT+
-----END PGP PUBLIC KEY BLOCK-----