< Back Home > Contact us >
Ausgrid Vulnerability Disclosure Program
Ausgrid Vulnerability Disclosure Program
At Ausgrid, we are committed to ensuring the security and safety of our information, systems and assets.

Our Vulnerability disclosure program allows security researchers to share their findings directly with us. If you believe you have discovered a security vulnerability in an Ausgrid system, service or product, please report it to us as soon as possible, subject to the rules below.

For the protection of our customers, we treat all information regarding a vulnerability as confidential and ask that you do not publicly disclose, discuss or confirm the details of any suspected security issues.

What is not allowed?

The following types of research are strictly prohibited:

  • Any physical attempts to access Ausgrid assets and property
  • Accessing or attempting to access accounts or data that you are not authorised to access
  • Sharing information about vulnerabilities found with third parties without prior approval from us
  • Any attempt to exfiltrate, modify or destroy any data without prior approval from us
  • Sending or attempting to send unsolicited or unauthorised email, spam or any other form of unsolicited messages
  • Conducting social engineering (including phishing) of Ausgrid employees, contractors, customers or any other related party
  • Posting, transmitting, uploading, linking to, sending or storing malware, viruses or similar harmful software that could impact our services, products, customers, or any other related party
  • Denial of Service (DoS) attacks to disrupt any of our services
  • Clickjacking
  • Weak or insecure SSL ciphers and certificates (unless there are exploitable vulnerabilities associated with them)
  • Any activity that breaches any law

The following people are excluded from the scope of this Program:

  • employees and officers of Ausgrid and
  • technology or security contractors engaged by Ausgrid, their employees and any other individuals they directly or indirectly engage for work relating to Ausgrid.

How to Report a Potential Security Vulnerability

You can responsibly disclose potential security vulnerabilities to Ausgrid’s Cyber Security team by submitting the form below. We’ll consider and verify the information to enhance the security and safety of our systems.

When reporting a potential security vulnerability, please include as much information as possible, including:

  • Name and contact details (optional)
  • A short description of the vulnerability
  • Date and time the suspected security issue or vulnerability was discovered
  • Details of the systems that are affected by the vulnerability
  • A detailed description of the vulnerability and security impact
  • Step-by-step instructions to reproduce the vulnerability (how could an attacker exploit it?)
  • Any suggestions you have on how to fix the vulnerability

Any personal information you provide will be managed in accordance with Ausgrid’s Privacy Policy

Alternatively, you may choose to remain anonymous or provide a pseudonym.


Vulnerability Disclosure Form

Please provide the details of any potential security vulnerabilities to Ausgrid’s Cyber Security team by submitting the form below. Code examples cannot be pasted into this form.

Thanks for letting us know. We will investigate the issue you have raised and we may need to contact you.

If you need to contact Ausgrid urgently please call 13 13 65.

{{ errors.first('Name') }}

{{ errors.first('Email Address') }}

We’ll never share your email with anyone else

{{ errors.first('Comments or feedback') }}

This form has a 1,000 character limit.