Vulnerability Insights Programme

Vulnerability Insights Programme (VIP) 

The NCSC’s Vulnerability Insights Programme (VIP) aims to proactively detect and notify customers about potential cyber security vulnerabilities affecting their systems.  

Alerts about critical CVEs and publicly disclosed breach data 

Have I Been Pwned’s (HIBP) government programme enables the NCSC to alert customers with New Zealand Government email addresses about data breaches. This includes alerts for email addresses ending in .govt.nz, .mil.nz, .cri.nz, .parliament.nz, and .health.nz.  

The NCSC also alerts customers about new common vulnerabilities and exposures (CVEs) that have been assessed as potentially impacting their systems.  

VIP scanning reports 

Customers who sign up for the scanning service will receive a monthly VIP report outlining the vulnerabilities visible on their internet-facing systems, along with supporting information to enable remediation. This service also provides one-off vulnerability alerts when a high-severity vulnerability is discovered.  

The VIP’s vulnerability detection complements NCSCs existing threat detection and disruption services provided through MFN and CORTEX. These services support but do not replace customers internally or externally provided network security.

 For more advice on cyber security investment, refer to the NCSC's guidance below: