Skip to content
This repository has been archived by the owner on May 23, 2024. It is now read-only.

Security: minhealthnz/nzcovidtracer-app

Security Navigation

SECURITY.md

Security Vulnerabilities

The NZ Covid Tracer is built with security and data privacy in mind to ensure your data is safe.

Reporting

We are grateful for security researchers and users reporting a vulnerability to us first. To ensure that your request is handled in a timely manner and we can keep users safe, please follow the below guidelines.

  • Please do not report security vulnerabilities directly on GitHub.

  • To report a vulnerability, please email vulnerability-disclosures@health.govt.nz.

  • In the email, please include the following:

    • Application: "NZ COVID Tracer"
    • Version: " " (Either note the specific release version or commit id of the master branch you investigated.)
    • Platform: " "
    • Vulnerability Title: " "
    • Description: " "
    • Type: " "
    • CVSS v3 score: " "
    • Steps to Reproduce: " "
  • We ask that you do not publish or share the vulnerability with anyone else.

  • For support or bug reports that don't impact on security, email help@covidtracer.min.health.nz.

Disclosure Handling

The Ministry of Health is committed to timely review and response to disclosures. The project will inform the public about security vulnerabilities after they are resolved or a patch is available.

More details about the Ministry of Health vulnerability disclosure policy are available on the Ministry of Health website.