Overview

The security of our systems is a top priority and we take every care to keep them secure. Despite our efforts, there may still be vulnerabilities.

We are keen to engage with the security community. This policy allows security researchers to share their findings with us. If you think you have found a potential vulnerability in one of our systems, services or products, please tell us as quickly as possible.

We will not compensate you for finding potential or confirmed vulnerabilities.

This policy covers any product or service wholly owned by VCCI to which you have lawful access. This policy does not cover:

• clickjacking
• social engineering or phishing
• weak or insecure SSL ciphers and certificates
• denial of service (DoS)
• physical attacks
• attempts to modify or destroy data

Reporting

To report a vulnerability please use the email customerservice@victorianchamber.com.au.

Include enough detail so we can reproduce your steps.

If you report a vulnerability under this policy, you must keep it confidential. Do not make your research public until we have finished investigating and fixed or mitigated the vulnerability.

What happens next

We will:

• respond to your report within 10 business days
• keep you informed of our progress
• credit you as the person who discovered the vulnerability unless you prefer us not to and that the name provided is not considered offensive. Additionally we will provide a link to your LinkedIn profile.

Security researcher contributors

Below are the names or aliases of people who have identified and disclosed vulnerabilities to us:

• Devansh Chauhan
• Rokkam Vamshi
• Pratama Aji Prisadi
• Vaibhav Jain
• Nikhil Rane
• Chirag Ketan Prajapati
• Abdelrahman Ibrahim Farg