Closed Sparrow0hawk closed 2 months ago
The service should have a vulnerability disclosure mechanism. GDS recommend using security.txt.
This involves hosting a small text file on the service either at /security.txt or /.well-known/security.txt
NCSC recommend that we use the following cross-government vulnerability disclosure form - https://vulnerability-reporting.service.security.gov.uk/
The service should have a vulnerability disclosure mechanism. GDS recommend using security.txt.
This involves hosting a small text file on the service either at /security.txt or /.well-known/security.txt
NCSC recommend that we use the following cross-government vulnerability disclosure form - https://vulnerability-reporting.service.security.gov.uk/