The service should have a vulnerability disclosure mechanism. GDS recommend using security.txt.
This involves hosting a small text file on the service either at /security.txt or /.well-known/security.txt.
NCSC recommend that we use the cross-government vulnerability disclosure form.
The service should have a vulnerability disclosure mechanism. GDS recommend using security.txt.
This involves hosting a small text file on the service either at
/security.txtor/.well-known/security.txt.NCSC recommend that we use the cross-government vulnerability disclosure form.