Thanks to the security community for helping keep Integrated Web Solutions Australia (IWSA Studio) resilient. If you’ve found a vulnerability, please follow our Responsible Disclosure policy below – we appreciate your help and give public credit here.

How to report

• Email: nat@iwsa.com.au
• Include a clear description, steps to reproduce, affected URLs/endpoints, and any proof-of-concept.
• We aim to acknowledge within 3 business days and keep you updated as we work on a fix.

Responsible disclosure (summary)

Please give us reasonable time to remediate before public disclosure. Don’t access customer data, pivot beyond what’s required to demonstrate impact, or disrupt service (e.g., DoS, spam). Social engineering and physical testing are out of scope.

Full policy: https://iwsa.com.au/security-policy/

Legal “safe harbour” (plain language)

If you follow our policy and act in good faith, we won’t pursue legal action. This protection doesn’t apply to actions that break the law or harm users.

Recognition

We don’t run a paid bug bounty at this time. We offer public acknowledgement (and occasional thank-you swag) for valid, previously unknown issues reported responsibly.

Hall of Fame

Public credit for researchers who helped improve our security.

No public acknowledgements yet — yours could be the first.

Last updated: 11 Aug 2025