Overview
- Jacob Riggs, 36, identified a critical vulnerability in a live Department of Foreign Affairs and Trade system in July while his application was under review.
- DFAT acknowledged his responsible disclosure on its Vulnerability Disclosure Program honour roll, and Riggs said the department responded and remediated quickly.
- Riggs serves as global director of information security at a large SaaS provider and plans to move to Sydney within the next 12 months to work in cyber defence.
- The visa, which replaced the Global Talent visa, is reported to approve fewer than 1% of applicants, with VisaEnvoy citing more than 9,000 expressions of interest, 304 invitations and about 85 grants since commencement.
- Cybersecurity researcher Jamieson O’Reilly said the case highlights gaps in government security testing, noting the flaw survived internal reviews, annual IRAP assessments and two outsourced penetration tests before an external report.