How external researchers and customers can report security issues to Changineers.
Changineers welcomes reports of security issues from external researchers and customers.
How to report
Section titled “How to report”Send a report to security@changineers.com.au. Please include:
- A description of the issue and its impact.
- Steps to reproduce, or a proof of concept.
- The affected URL, endpoint, or component if you know it.
- Your name or handle if you’d like to be credited.
We accept reports in English. PGP is not required; if you’d like to encrypt your report, contact us first and we will arrange a key.
What happens next
Section titled “What happens next”The Security team acknowledges every report on receipt. We investigate and keep you updated as we work through it.
We do not currently run a paid bug bounty programme. We’re grateful for reports and will credit researchers who would like to be named.
Scope and safe harbour
Section titled “Scope and safe harbour”In scope: the Changineers platform and any service hosted under
changineers.com.au or changineersplatform.com.
Out of scope: denial-of-service testing, social engineering of staff or customers, physical attacks, and testing against systems that are not ours.
We will not pursue legal action against researchers who:
- Make a good-faith effort to comply with this policy.
- Do not access, modify, or delete customer data beyond what is necessary to demonstrate the issue.
- Give us a reasonable opportunity to respond before any public disclosure.