Your feedback is appreciated!

.auCheck is a dynamic tool. Changes and updates will be made on a continuous basis. We value any and all feedback from the community.

If you have noticed a security issue with the website, please check our Coordinated Vulnerability Disclosure section below.

Do you notice factual mistakes or do you have suggestions for how we can improve the site? Then continue reading!

How to inform us of errors or suggestions for improvement

It’s very important for us that .auCheck provides technically correct data and offers users valuable and actionable information.

When you notice any factual errors with the tests, text or with the information provided, please send an email to aucheck@aspi.org.au with a screenshot of the error and a short description.

We’ll do our best to remedy the error within five working days and we’ll inform you of the action we’ve taken.

Equally, when you have suggestions on how we can improve the site, please drop us a message and we’re happy to discuss your ideas and inputs.

How to notify us of security flaws

The security of the .auCheck website is very important. Despite the care we have taken to ensure security, an existing vulnerability may be found or a new one may arise.

If you have found a security flaw in the .auCheck website, please read this policy on coordinated vulnerability disclosure carefully. It describes our actions and your responsibilities.

Situation

You may have accidentally run across a weakness in our website while using it for its intended purposes, or perhaps you have been actively trying to find a vulnerability. In either case, it is important that you contact us as soon as possible.

This is by no means an invitation to extensively scan and test our site for weaknesses. We are doing this ourselves.

If you think you've found a weakness, we would like to work with you to remedy the situation and improve the security of our website.

We will always take notifications seriously and will look into suspected vulnerabilities.

Your responsibilities

When finding a potential security vulnerability, we ask you to take the following steps:

  1. send an email with your findings to aucheck@aspi.org.au as soon as possible. Make sure you provide sufficient information to replicate the problem, so we can fix it as soon as possible;

  2. refrain from running tests that may compromise anyone's physical security, involve social engineering or affect third-party applications;

  3. do not run brute force or denial of service attacks and don't exploit the vulnerability to, for example, change or delete data, or install malware;

  4. refrain from sharing the vulnerability with others until we have assessed and addressed it;

  5. do not copy data from our systems, other than what is absolutely necessary to demonstrate the vulnerability;

  6. please leave your contact data (e-mail address and phone number), so we can get in touch and work with you to fix the problem.

Our commitment

In return, we commit to the following steps:

  1. we will acknowledge receipt of your report within 72 hours, and respond within five working days with our evaluation of your reported issue and an expected date for a solution;

  2. we will treat your report confidentially: we will not share your personal information without your consent, unless of course there's a legal requirement;

  3. we will keep you informed of our progress in solving the problem;

  4. if you wish, we will credit you as the discoverer of a vulnerability in any news reports;

  5. an accidental discovery of a vulnerability will not lead to legal actions unless we've found a breach of the steps under 'your responsibilities' or when you did not act in the spirit of responsible disclosure.

More information?

Please have a look at the following documents to find out more about policies and practices of coordinated vulnerability disclosure.

  • The Global Forum on Cyber Expertise has developed this global good practices document.
  • Guidelines by the Australian Cyber Security Centre can be found in this guidance document.