The NHSBSA take security seriously. We appreciate your efforts to responsibly disclose your findings.

If you think you have found a security vulnerability in this codebase please DO NOT disclose it publicly until we've had a chance to fix it. We strongly encourage people to report security vulnerabilities privately to our security team before disclosing them in a public forum.

Please do not report security vulnerabilities as a defect.

To report a security issue, email nhsbsa.security.txt@nhs.net and include the word "SECURITY" in the subject line.

Report security bugs in third-party modules to the person or team maintaining the module.

If you have suggestions on how this policy could be improved please submit a pull request.