Singapore Pools has established a suspected
vulnerability disclosure policy to encourage the reporting of suspected vulnerabilities
in our IT services/system, to ensure the cyber-security of our
internet-accessible application.
How and What to Report:
Your name and contact number to facilitate clarifications.
Date(s) and time(s) of the suspected vulnerability.
IP address and/or URL of the subject service.
Description of the suspected vulnerabilities including reasons why you believe the suspected vulnerability may impact the subject service, how you detect it and its potential impact if applicable.
Any other information that may substantiate or validate the suspected vulnerability.
Our vulnerability disclosure policy does not permit taking of any action which may violate applicable laws and regulations such as Computer Misuse Act.
Do not attempt to exploit or test suspected vulnerabilities like gaining unauthorised access to our systems or taking actions to exfiltrate any data or publish details of any suspected vulnerability, which may cause interruption or degradation of any services.
No cash or monetary incentive of any kind will be given for reporting or detecting the vulnerability.
Singapore Pools will not be liable or accept any responsibility for any expense, or loss of any kind which may incur due to any action taken or not taken by us in relation to any suspected vulnerability that you have reported.
Acknowledgment or processing of such report shall not constitute any kind of acceptance or endorsement of the contents therein.
Subject to applicable laws and regulations, Singapore Pools will protect the confidentiality of the person who reported the issue.