The main points of the submission comment on the following questions from the consultation paper:
- Question 8: Application of the Framework in the current legislative and policy landscape?
- Question 10: How should NSW Government agencies handle reports that involved testing and disclosure but are not in the scope of good faith research?
- Question 16: How much time is reasonable to acknowledge reports (e.g. 5 days)? What other guidance should be given to agencies about providing acknowledgement to reporters?
- Question 17: How much time is reasonable for Cyber Security NSW to provide agencies with vulnerability disclosure reports?
A pdf copy of the submission is here
Further background information on the submission is here