BTB Australia

ENQUIRE NOW

Report a Security Vulnerability

BTB is committed to resolving any issues that may compromise the security of our products and services as quickly as possible.  

We take security vulnerabilities very seriously and protecting client data is one of our top priorities. 

If you have discovered a security vulnerability, we would appreciate if you could keep your findings strictly confidential and disclose the relevant information to us in a responsible manner, as described below.  

How to report a security vulnerability? 

If you think you’ve found a security vulnerability in BTB products, services or online platforms, please contact us immediately via email to security@btbaustralia.com.au 

What to include in the report? 

Please provide as much detail as possible.   

We would appreciate the following: 

  • An explanation of the security vulnerability 
  • A list of the products and services that may be affected (versions where applicable) 
  • Steps to reproduce the vulnerability 
  • Proof-of-Concept code or software 
  • Test accounts you have created 
  • URLs, IP addresses or infrastructure associated with the vulnerability (if relevant) 
  • Your contact information, such as your organisation and contact name for ongoing communication.  

Rules of engagement 

Please do not: 

  • Take advantage of a security vulnerability 
  • Access, delete or modify BTB or client data 
  • Publicly disclose a vulnerability until it has been resolved 
  • Download more data than necessary to demonstrate a vulnerability 
  • Attempt to break into client accounts 
  • Ask for compensation for your report 
  • Use Social Engineering, Denial of Service or Phishing attacks 

Next steps 

Please maintain confidentiality and do not make your research public until we have completed our investigation and implemented patches or other mitigations. 

The BTB security team will endeavour to contact you within 72 hours of you reporting the security vulnerability and keep you informed on our progress towards resolving the vulnerability.  

We will notify you when the security vulnerability has been patched or mitigated.