Trust Centre

Vulnerability Disclosure Policy

OPIE Platform — responsible security research and reporting

+ 61 2 4728 6111

Document: Vulnerability Disclosure Policy

OPIE Platform — Vulnerability Disclosure Policy

Version: 2026.1

Effective date: 30 June 2026

Last updated: 30 June 2026

1. Purpose

OPIE Manufacturing Group welcomes responsible disclosure of genuine security vulnerabilities affecting the OPIE Platform.

If you believe you have identified a security issue, we encourage you to report it so it can be investigated and resolved promptly.

2. Scope

This policy applies to publicly accessible OPIE Platform websites and services.

It does not authorise testing against:

  • customer systems;
  • third-party services;
  • supplier systems;
  • denial-of-service testing;
  • social engineering;
  • phishing campaigns;
  • physical security testing.

3. Responsible research

We ask that researchers:

  • act in good faith;
  • minimise impact on customers;
  • avoid accessing unnecessary data;
  • stop testing once a vulnerability is confirmed;
  • report vulnerabilities privately;
  • allow reasonable time for investigation before public disclosure.

4. Prohibited activities

Do not:

  • access personal information unnecessarily;
  • modify customer data;
  • delete data;
  • interrupt services;
  • install malware;
  • exploit vulnerabilities beyond what is reasonably necessary to demonstrate the issue.

5. Reporting a vulnerability

Please include where possible:

  • affected URL or service;
  • description of the issue;
  • steps to reproduce;
  • screenshots where appropriate;
  • proof of concept (if safe);
  • your contact details.

Reports should be submitted to security@opiegroup.com.au or using the security contact details published in the Trust Centre.

6. Our commitment

Where reports are submitted in good faith, OPIE will:

  • acknowledge receipt;
  • investigate the report;
  • work to validate the issue;
  • prioritise remediation based on risk;
  • keep the reporter informed where appropriate.

7. Safe harbour

We will not pursue legal action against security researchers who:

  • act in good faith;
  • comply with this policy;
  • avoid causing harm;
  • do not access or disclose personal information unnecessarily;
  • provide us with a reasonable opportunity to resolve the issue before public disclosure.

This statement does not authorise activities that are unlawful or extend beyond the scope of this policy.

8. Public disclosure

We ask that vulnerabilities are not publicly disclosed until:

  • OPIE has had a reasonable opportunity to investigate and remediate the issue; or
  • a coordinated disclosure timeline has been agreed.

9. Contact

Security reports should be submitted to security@opiegroup.com.au.

Please do not use general sales or customer support channels for reporting security vulnerabilities.

Document control

Version
2026.1
Effective
30 June 2026
Owner
OPIE Manufacturing Group Pty Ltd
Review
Annual
Next review
30 June 2027