Help to transform our extraordinary hospital into something even better.
- Refine search:
Report a vulnerability on a Sheffield Children’s Hospital domain or subdomain
A vulnerability is a technical issue with the Sheffield Children’s Hospital website which attackers or hackers could use to exploit the website and its users.
Vulnerabilities are covered by this policy if the security.txt file for the domain points to this page.
You will not be paid a reward for reporting a vulnerability (known as a ‘bug bounty’).
How to report a vulnerability
Include in your report:
Guidelines for reporting a vulnerability
When you are investigating and reporting the vulnerability on a Sheffield Children’s Hospital domain or subdomain, you must not:
Only submit reports about exploitable vulnerabilities through HackerOne.
Contact BBP to report any other issues including:
Data protection
You must follow data protection rules when reporting a vulnerability. This means you cannot share any data you might retrieve from Sheffield Children’s Hospital when researching the vulnerability.
You must keep the data secure until you delete it. You must delete the data as soon as we no longer need it or no later than 1 month after the vulnerability has been resolved – whichever comes first.
After you’ve reported the vulnerability
You’ll get confirmation that we have received your report within 5 working days. We’ll try to assess your report within 10 working days. We prioritise fixes by impact, severity and exploit complexity.
Once the vulnerability has been fixed, we can work with you to disclose and publish the report.
By continuing to use the site, you agree to the use of cookies. more information
The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.