When information and communication technology (ICT) vulnerabilities are found, it is important to avoid all activities that may pose a further threat to systems and data security.

Helping to reduce cyber risk, individuals and organisations are encouraged to report information related to Defence ICT security vulnerabilities.

When reporting a vulnerability, provide details including:

  • potential impact of exploitation
  • where the vulnerability was found, such as hostname, URL or IP address
  • specific tools or techniques used to discover the vulnerability
  • what access or other conditions an attacker requires to exploit the vulnerability
  • proof-of-concept code (where applicable).

Reporting form

Vulnerabilities can be reported by completing and submitting the form below. Multiple vulnerabilities can be reported in the same submission.
Reports can be submitted anonymously by leaving this field blank. If a name is provided this may be acknowledged in vulnerability reporting.
Describe the vulnerability, including the discovery method, source location, at risk applications, dependencies, conditions, impacts, attacker reward, active exploitations, etc.