Vulnerability Reporting

We take the security of our website and services seriously and value the contributions of security researchers who help us maintain a safe and secure environment. If you have discovered a vulnerability, please follow these guidelines for responsible disclosure:

Contact method

All vulnerabilities must be reported via email to our dedicated security address: nclicb.gpwebsitemanager@nhs.net
This is the only accepted communication channel for security-related matters.

Information to include

To help us address the issue efficiently, please provide:

  • a detailed description of the vulnerability, including steps to reproduce it
  • any potential impacts or risks associated with the vulnerability
  • screenshots, videos, or code snippets as necessary to illustrate the issue.

Expectations

  • Do not publicly disclose the vulnerability before we have had a chance to investigate and address it.
  • Do allow a reasonable time frame for us to resolve the issue.
  • Do avoid accessing, modifying, or deleting any data that does not belong to you during your research.

We appreciate your efforts in helping us maintain a secure website and will acknowledge valid reports. Thank you for your responsible disclosure.