Skip to content
This repository has been archived by the owner on May 23, 2024. It is now read-only.

Security: minhealthnz/nzpassverifier-app

Security

SECURITY.md

Security Vulnerabilities

The NZ Pass Verifier is built with security and data privacy in mind to ensure your data is safe.

Reporting

We are grateful for security researchers and users reporting a vulnerability to us first. To ensure that your request is handled in a timely manner and we can keep users safe, please follow the below guidelines.

  • Please do not report security vulnerabilities directly on GitHub.

  • To report a vulnerability, please email [email protected].

  • In the email, please include the following:

    • Application: "NZ Pass Verifier"
    • Version: " " (Either note the specific release version or commit id of the master branch you investigated.)
    • Platform: " "
    • Vulnerability Title: " "
    • Description: " "
    • Type: " "
    • CVSS v3 score: " "
    • Steps to Reproduce: " "
  • We ask that you do not publish or share the vulnerability with anyone else.

  • For support or bug reports that don't impact on security, email [email protected].

Disclosure Handling

The Ministry of Health is committed to timely review and response to disclosures. The project will inform the public about security vulnerabilities after they are resolved or a patch is available.

More details about the Ministry of Health vulnerability disclosure policy are available on the Ministry of Health website.

There aren’t any published security advisories