Responsible and ethical disclosure

A vulnerability is a technical issue with the www.healthinote.com website which attackers or hackers could use to exploit the website and its users.

How to report a vulnerability

Include in your report:

  • the IP address and/or URL of the page where you found the vulnerability
  • a description of the type of vulnerability – for example, XSS vulnerability
  • details of the steps we need to take to reproduce the vulnerability
  • screenshots or logs if you have them

Report a vulnerability to security@cognitant.com

Guidelines for reporting a vulnerability

When you are investigating and reporting the vulnerability, you must not:

  • break the law
  • access unnecessary or excessive amounts of data
  • modify data
  • use high-intensity invasive or destructive scanning tools to find vulnerabilities
  • tell other people about the vulnerability you have found until we have disclosed it
  • social engineer, phish or physically attack our staff or infrastructure
  • demand money to disclose a vulnerability

Only submit reports about exploitable vulnerabilities through security@cognitant.com

Contact security@cognitant.com to report other issues including:

  • a non-exploitable vulnerability
  • something you think could be improved – for example, missing security headers
  • TLS configuration weaknesses – for example, weak cipher suite support or the presence of TLS 1.0 support

Data protection

You must follow data protection rules described at GOV.UK when reporting a vulnerability.

After you’ve reported the vulnerability

You’ll get confirmation that we have received your report. We’ll try to assess your report within 2 working days. We prioritise fixes by impact, severity and exploit complexity.