Vulnerability Disclosure Policy

Vulnerability Disclosure Policy

Outer Orbit believes in a timely and responsible vulnerability disclosure policy which alerts vendors to potential security issues in their products.

We will attempt to disclose our security advisory to the affected vendor(s), co-ordinate potential mitigation testing and prepare for public disclosure.

  • We will disclose our findings to the affected vendor(s) using publicly accessible means of communications (email, fax, contact forms, bug bounty platforms, etc)
  • Vendor(s) will have 45 days to acknowledge, respond and mitigate findings
  • Our security advisories may contain information to help the vendor(s) understand risk potential, including but not limited to, SVSS scores, CWE references and historical examples of similar vulnerabilities in other software for reference.
  • Within that time-frame, Outer Orbit will assist in mitigation testing, confirmation and coordination of public disclosure.
  • For public disclosure extensions, please see ‘Extenuating circumstances’ below

We reserve the right to move forward on disclosure if the following occurs:

  • Vulnerabilities in question are being actively exploited in the wild
  • Vendor(s) are unresponsive
  • Partial vulnerability information has already reached the public

Extenuating circumstances may lead to an extension of our vulnerability disclosure policy, unless we feel it is not required. They are listed below:

  • Mitigation and patch development schedule
  • Critical severity and exploitability
  • Infrastructure risk
  • Vulnerabilities which affect standards
  • Extensive code overhaul or rewrites

Please contact This email address is being protected from spambots. You need JavaScript enabled to view it. if you have questions or concerns with this policy, or disclosures.



About Us

About Us


Outer Orbit helps businesses to identify security vulnerabilities, defend their architecture, and mitigate risks. As a trusted information security partner, Outer Orbit tailors its security assessment and managed security services to the unique needs of each client, whether a large enterprise or a small-to-medium sized business.


Our Clients


Our clients are forward-thinking organisations in a wide range of industries and compliance requirements. Security needs vary as well, and we can easily adapt our strategies to suit any client requirements.





Experienced in multiple verticals, we have insight into the needs of healthcare, financial services, retail, technology, hospitality, and energy. By bringing this real-world, industry experience to each organisation, we enable businesses to further develop their information security and compliance programs.


Our People


Passionate and forward-thinking, our consultants bring decades of combined technical experience as experts within their field. Drawing from security experience across an array of industries, we pride ourselves on both depth and breadth of information security and compliance experience.





Think you'd be a good fit? Read on.

Do you like to tinker, tamper, and pull things apart? Does a database error in a webpage get your adrenaline pumping? Do IDS evasion techniques keep you up at night? You’re in the right place – join us at Outer Orbit. Audit, secure, research, make, and break some of the best security in the world. We are seeking security, technical, sales, and operational staff who will contribute to the security posture of our forward thinking clients. We understand that staying ahead of the curve means hiring, training, and retaining the best.


Think you can add value but don’t see a position that fits?


Speak up! We’ll hold your resume and let you know as soon as a fit arises.

  • Penetration Testers
  • SOC Analysts
  • Reverse Engineers
  • Exploit developers
  • Incident Responders
  • Security Auditors
  • Outside Sales Representatives


Discover the Security Gaps in Your Business Before a Breach


The growing dependence on technology has brought an upsurge in cyberattacks, particularly in the retail industry. With thousands of online transactions everyday and stolen credit cards providing high value in the underground market, the retail industry is a large target for hackers. Ensuring protection of customer databases and meeting PCI compliance standards are of utmost importance to businesses, but many don’t know where to begin.

Outer Orbit services focuses on allowing businesses to conduct business as usual – without the worry of a major breach or compliance audit. Our consultants understand the high reliance on point-of-sale (POS) terminals and the potential for credit card theft that puts the retail industry at a particularly high risk.


Retail Industry Compliance Requirements

Compliance is central to the retail industry, with PCI-DSS regulation requiring all companies who handle card data to be compliant. Public retail corporations are also subject to SOX compliance, requiring further checks and balances to ensure data security is implemented properly.

In many cases, ISO 27001 is also required in the retail industry to demonstrate proper controls to customers and investors.


Retail Challenges

With large, sensitive databases and point of sale terminals, the retail industry faces a number of security adversaries. But outside threats aren’t the only security concern to IT. Legacy POS applications, poor development practices, and lack of network segmentation all provide weaknesses for attackers to exploit.

Even the largest retailers aren’t immune these attacks – as shown with breaches at Target and Home Depot.

Potential Impacts:

  • Service Downtime/Financial Loss
  • Reputation Loss
  • Negative Press
  • Breach Lawsuits/Legal Fees


Determine the gaps in your security programs with a deep-dive penetration test from Outer Orbit. From network pentests to social engineering assessments, Outer Orbit can help you identify the risks to your organization.


Penetration Testing

Our world-class penetration testing and research has been covered in Wired, Forbes, CNN and other outlets, showcasing our comprehensive assessment package. Identify the strengths – and weaknesses – of your security infrastructure before attackers do.

Social Engineering Assessment

While security assessments are typically restricted to technology, most sophisticated attacks begin with a malicious email or link. Identify the weaknesses in the security policies of your organization, and how your employees handle them.


Application Assessment

Each assessments starts with the OWASP Top 10 most common risks, also includes more advanced vulnerabilities to ensure all attack vectors have been identified. Whether web, mobile, or IoT, we have the experience to address the unique security challenges you face.

Secure Code Review

Identify and remediate software vulnerabilities early and often. With a hybrid approach, we utilize both automated code scanners and manual analysis to conduct a thorough security review of your application – and all associated libraries.


Deep-dive Penetration Testing Services for the Retail Industry

Identify risks to user cardholder data (CHD) and other sensitive data. A manual penetration testing can uncover vulnerabilities that may pose a threat to your network and user’s data.

f t g m

About Us

Outer Orbit assists businesses across New Zealand and beyond to identify security risks and vulnerabilities within their infrastructure.

Our services are tailored for the specific needs of each client, no matter the size or complexity.