Computer systems always seem to have problems and vulnerabilities. Some data breaches occur because of those vulnerabilities. If you spot a vulnerability or security flaw in a website, you can first report it to the organisation. They are generally happy to hear about a problem, so they can fix it.
But you may find yourself in a situation where you do not want to have direct contact with the organisation. You might have had bad experiences in the past when reporting a problem. Or you might be concerned about how reporting a problem to an organisation might affect its dealings with you.
There have been cases where security researchers have received threatening legal letters for trying to do the right thing. Rather than take responsibility for the problem, an agency might try to blame the whistleblower.
In such cases, you need a trustworthy third party to pass the report on.
CERT NZ can act as that trusted third party for you. CERT NZ is a newly-established government clearing-house for reports of computer security incidents. It also gives support and guidance on computer security and incidents.
You can find out more about how CERT NZ passes on disclosures of vulnerabilities.
Image credit: CERT NZ