Vulnerability Disclosure Policy

Outer Orbit believes in a timely and responsible vulnerability disclosure policy which alerts vendors to potential security issues in their products.

We will attempt to disclose our security advisory to the affected vendor(s), co-ordinate potential mitigation testing and prepare for public disclosure.

  • We will disclose our findings to the affected vendor(s) using publicly accessible means of communication (email, fax, contact forms, bug bounty platforms, etc.)
  • Vendor(s) will have 45 days to acknowledge, respond and mitigate findings
  • Our security advisories may contain information to help the vendor(s) understand risk potential, including but not limited to CVSS scores, CWE references and historical examples of similar vulnerabilities in other software for reference.
  • Within that time-frame, Outer Orbit will assist in mitigation testing, confirmation and coordination of public disclosure.
  • For public disclosure extensions, please see ‘Extenuating circumstances’ below

We reserve the right to move forward on disclosure if the following occurs:

  • Vulnerabilities in question are being actively exploited in the wild
  • Vendor(s) are unresponsive
  • Partial vulnerability information has already reached the public

Extenuating circumstances may lead to an extension of our vulnerability disclosure policy, unless we feel it is not required. They are listed below:

  • Mitigation and patch development schedule
  • Critical severity and exploitability
  • Infrastructure risk
  • Vulnerabilities which affect standards
  • Extensive code overhaul or rewrites

Please contact us if you have questions or concerns about this policy or about disclosures.

About Us

Outer Orbit assists businesses across New Zealand and beyond to identify security risks and vulnerabilities within their infrastructure.

Our services are tailored for the specific needs of each client, no matter the size or complexity.