Security and vulnerability disclosure.

Last updated July 2026

Securing systems is our trade, and we hold our own to the same standard. If you have found a security vulnerability affecting SiegeBrake or a system we operate, we want to hear from you. This page sets out how to report it, what is in scope, and the protections we extend to researchers who act in good faith.

How to report.

Send your report through our contact form. Please include enough detail for us to reproduce the issue: the affected system or URL, a description of the vulnerability, the steps to trigger it, and any proof-of-concept material. If you need to share sensitive details, say so in your first message and we will arrange a secure channel.

This policy is also published in machine-readable form at /.well-known/security.txt.

Scope.

This policy covers the SiegeBrake website and internet-facing systems we own or operate. Findings hosted by our third-party providers, such as our scheduling, forms and chat suppliers, are best reported to those providers directly, though we are happy to help coordinate. Denial-of-service testing, physical attacks, social engineering of our staff or clients, and any testing that degrades a service or accesses another party's data are not authorised.

Safe harbour.

If you make a good-faith effort to follow this policy, we will treat your research as authorised, will not pursue or support legal action against you, and will work with you to understand and resolve the issue. Good faith means acting only against systems in scope, stopping as soon as you have confirmed a vulnerability, never accessing or altering data beyond what is needed to demonstrate the finding, and keeping the details confidential until we have had a reasonable chance to remediate.

What to expect from us.

We will acknowledge your report, keep you informed as we investigate, work to remediate valid findings on a timeline that reflects their severity, and let you know when the issue is resolved. We do not run a paid bounty programme, but we are glad to credit researchers publicly for valid, original reports where you would like the recognition.

Contact.

SIEGE BRAKE PTY LTD · Suite 573, 585 Little Collins Street, Melbourne VIC 3000 · 1300 743 433