Report a security concern safely.

Contact

Send reports to security@mwsolutions-otsecurity.com. Include a clear description, affected URL or service, reproduction steps and the potential impact. Do not include unnecessary personal data or third-party confidential information.

Authorised scope

Only publicly accessible systems and domains explicitly owned and operated by MWSolutions are potentially in scope. Customer environments, suppliers, cloud services operated by third parties, employee accounts and any system not clearly identified as MWSolutions property are out of scope.

Not authorised

• Denial-of-service, resource exhaustion or disruptive testing
• Social engineering, phishing or physical access attempts
• Accessing, altering, retaining or publishing data beyond the minimum needed to demonstrate a concern
• Automated scanning that creates excessive traffic
• Testing customer, partner or supplier systems
• Any activity that affects safety, availability or ordinary service use

Good-faith handling

Reports will be reviewed and acknowledged when sufficient contact information is provided. We ask researchers to allow reasonable time for investigation and remediation and to coordinate before public disclosure. This page does not create a reward programme, contract or blanket authorisation to test.

Emergency and client incidents

This address is for security concerns involving MWSolutions-owned systems. Clients should use their contracted incident channel. Threats to life, safety or essential services should be reported through the appropriate emergency and regulatory channels.