Security Policy

This is the Security Policy for the Kaweka Consulting website at https://www.kaweka.nz.

What is a website Security Policy?

The “Policy” field indicates a link to where the vulnerability disclosure policy is located. This can help security researchers understand the organization’s vulnerability reporting practices. If this field indicates a web URI, then it MUST begin with “https://” (as per Section 2.7.2 of [RFC7230]).

Our Security Policy

We are open to receiving notifications of vulnerabilities related to this website or other services operated by Kaweka Consulting.

Contact

Please use the contact information in our security.txt ¹ file to notify us. DO NOT leave a comment on this site or use any submission process that would disclose the information to other parties.

What to include

We would appreciate as much information as possible about what data is affected by the vulnerability and any indicators of the source of the problem. e.g. a specific Javascript library; SQL injection example.

Please provide your own contact information to help us ask any additional questions.

What to expect

Our team will aim to acknowledge your notification within 48 hours. We may request more information from you at that time for further details.

Sorry, but we will not be participating in any reward schemes for payment to submitters.

Vulnerability scope

The scope of vulnerabilities under this policy is limited to this website only, https://www.kaweka.nz.

https://www.kaweka.nz/.well-known/security.txt ↩︎

Last updated on November 10, 2024