The main points of the submission comment on the following questions from the consultation paper: 

  • Question 8: Application of the Framework in the current legislative and policy landscape?
  • Question 10: How should NSW Government agencies handle reports that involved testing and disclosure but are not in the scope of good faith research? 
  • Question 16: How much time is reasonable to acknowledge reports (e.g. 5 days)? What other guidance should be given to agencies about providing acknowledgement to reporters? 
  • Question 17: How much time is reasonable for Cyber Security NSW to provide agencies with vulnerability disclosure reports?

A pdf copy of the submission is here

Further background information on the submission is here