Disclosure Statement
WJEC welcomes responsible disclosure of vulnerabilities and will endeavour to resolve any reported issues within a reasonable timeframe.
Disclosures should be made to security@wjec.co.uk, detailing the location and nature of the issue and should include, where applicable: URL, steps to exploit/proof-of-concept and any output that demonstrates the issue.
WJEC does not operate a bug bounty programme and is unable to provide any financial reward for disclosure.
Any attempt to gain unauthorised access to WJEC systems in violation of the Computer Misuse Act 1993 or other applicable local laws will be reported to the relevant authorities.