Overview
- He received the 858 National Innovation visa in December after a seven-month process and plans to relocate to Sydney within 12 months.
- In July, working from his home in Bexley, London, he identified a DFAT live-system weakness of critical severity in about one hour and 50 minutes and reported it under the agency’s disclosure policy.
- DFAT acknowledged the submission and added him to its Vulnerability Disclosure Program honour roll, with Riggs saying the department responded and remediated quickly.
- Reporting cites VisaEnvoy data showing more than 9,000 expressions of interest since the program’s launch, with only 304 invitations and about 85 visas granted.
- Security professionals say the case highlights gaps in government security testing and procurement after the flaw passed IRAP reviews and two outsourced penetration tests.