How to report a vulnerability
To report a potential security vulnerability, send details to watchdesk@sa.gov.au.
We ask that you also maintain confidentiality and abide by the Vulnerability Disclosure Policy.
If you are conducting any testing, you must do so in accordance with the Vulnerability Disclosure Policy, which outlines permitted and prohibited testing activities. Do not publicly disclose details of any potential security vulnerabilities without our written consent.
Provide as much information as possible, including:
- an explanation of the potential security vulnerability
- listing the products and services that may be affected (where possible)
- steps to reproduce the vulnerability (where possible)
- proof-of-concept code (where applicable)
- names of any test accounts you have created (where applicable)
- your contact details (at minimum, an email address so we can respond to your report).
We may need to contact you for more information to resolve the issue. Your report will be handled confidentially in line with our privacy policy.
