www.tech.gov.sg
Open in
urlscan Pro
2a0b:4d07:101::1
Public Scan
Submitted URL: https://tech.gov.sg/report_vulnerability
Effective URL: https://www.tech.gov.sg/report_vulnerability
Submission: On September 19 via api from SG — Scanned from DE
Effective URL: https://www.tech.gov.sg/report_vulnerability
Submission: On September 19 via api from SG — Scanned from DE
Form analysis 3 forms found in the DOM
GET /search/
<form action="/search/" method="get">
<div class="field has-addons">
<div class="control has-icons-left is-expanded">
<input class="input is-fullwidth" id="search-box-mobile" type="text" placeholder="What are you looking for?" name="query">
<span class="is-large is-left">
<i class="sgds-icon sgds-icon-search search-bar"></i>
</span>
</div>
</div>
</form>GET /search/
<form action="/search/" method="get">
<div class="field has-addons">
<div class="control has-icons-left is-expanded">
<input class="input is-fullwidth is-large" id="search-box" type="text" placeholder="What are you looking for?" name="query" autocomplete="off">
<span class="is-large is-left">
<i class="sgds-icon sgds-icon-search is-size-4 search-bar"></i>
</span>
</div>
<div class="control">
<button type="submit" class="bp-button is-secondary is-medium has-text-white search-button">SEARCH</button>
</div>
</div>
</form><form class="MessageInput__RootForm-cxrQfR djQSJV">
<div class="MessageInput__Wrapper-cwVmFG PpMLa">
<div class="MessageInput__InputWrapper-cziSxo dVaxBg">
<div class="InputBase__Root-blSEwV gchoOc MessageInput__Input-hGaxQr JHMFD" async="">
<div class="Scrollbar__StyledScrollbars-jyCEuY" style="position: relative; overflow: hidden; width: 100%; height: auto; min-height: 0px; max-height: 160px;">
<div style="position: relative; overflow: scroll; margin-right: 0px; margin-bottom: 0px; min-height: 0px; max-height: 160px;"><label class="InputBase__InputComponentWrap-bVNSMu fbVkZh"><textarea aria-label="Type your question ..."
autocomplete="on" placeholder="Type your question ..." type="text" rows="1" async="" class="InputBase__Textarea-dVIVMd bQIUAl" style="overflow-x: hidden; overflow-wrap: break-word; height: 19px;"></textarea></label></div><span
class="Scrollbar__Track-dkwWCH khihDK track-horizontal" style="display: none;"><span class="Scrollbar__Thumb-kThVKy yaUMD thumb-horizontal" style="display: none;"></span></span><span class="Scrollbar__Track-dkwWCH fdDiWE"
style="position: absolute; width: 6px; display: none;"><span class="Scrollbar__Thumb-kThVKy gKCtGL" style="position: relative; display: block; width: 100%;"></span></span>
</div>
<div class="InputBase__SuffixWrap-YqCqI kyJOsu"><button class="ButtonBase-hPyKZf IconButton__Button-spuPv iffEnB iWrFRz SendButton__IconButton-bdANYD bpVxhQ" disabled=""><span class="IconButton__Label-imSdWj kBUfHh"><svg viewBox="0 0 512 512"
width="16" height="16" fill="#818181" class="SvgIcon-ijSfsZ iNlZKO">
<path d="M476 3.2L12.5 270.6c-18.1 10.4-15.8 35.6 2.2 43.2L121 358.4l287.3-253.2c5.5-4.9 13.3 2.6 8.6 8.3L176 407v80.5c0 23.6 28.5 32.9 42.5 15.8L282 426l124.6 52.2c14.2 6 30.4-2.9 33-18.2l72-432C515 7.8 493.3-6.8 476 3.2z"></path>
</svg></span></button></div>
</div>
</div>
</div>
</form>Text Content
A Singapore government agency website. How to identify Official website links end with .gov.sg Government agencies communicate via .gov.sg websites (e.g. go.gov.sg/open). Trusted websites Secure websites use HTTPS Look for a lock () or https:// as an added precaution. Share sensitive information only on official, secure websites. Digital Gov Transformation OverviewDigital Government BlueprintProducts and ServicesDigital Standards and GuidesGet Involved Who We Are Our RoleOur JourneyOur Culture and ValuesOur Digital Government RankingsOur StatisticsOur Team Careers How We HireHow We WorkStudents and GraduatesSmart Nation Fellowship ProgrammeThe GovTech Alumni NetworkApply Now Media AllCorporate PublicationsEventsMedia ReleasesSpeechesTechNewsBlogsAdvisory Contact Us Vulnerability Disclosure Programme SEARCH * HOME VULNERABILITY DISCLOSURE PROGRAMME As part of the Government Technology Agency’s (“GovTech”) ongoing efforts to ensure the cyber-security of Government internet-accessible applications used by the citizens, business and public sector employees, GovTech has established this suspected vulnerability disclosure programme (“VDP”) to encourage the responsible reporting of suspected vulnerabilities or weaknesses in IT services, systems, resources and/or processes which may potentially affect Government internet-accessible applications. We look forward to working with the cyber-security research community and members of the public to keep our services safe for all users. For clarity, the VDP does not authorise or permit the taking of any action which may contravene applicable laws and regulations (e.g. Computer Misuse Act). For the avoidance of doubt, attempts to exploit or test suspected vulnerabilities (e.g. gaining unauthorised access to any computer program or data) are prohibited. You are expected to conduct yourself responsibly at all times and if you are in any doubt about any proposed course of conduct, please contact us immediately at vulnerability_disclosure@tech.gov.sg. WHAT YOU CAN DO TO HELP a. Act responsibly for the sole purpose of reporting suspected vulnerabilities and safeguarding users from damage, harm or loss. b. Avoid causing any kind of damage, harm or loss to individuals or organisations (e.g. you should not attempt to test, reproduce or verify the suspected vulnerability, or take any action which may cause interruption or degradation of any Services). c. Conduct yourself in accordance with applicable laws and regulations at all times. If you have any doubt about such laws or regulations, please seek and obtain professional legal advice. Under no circumstances should you attempt to exfiltrate any computer data or publish details of any suspected vulnerability. d. Upon detection of a suspected vulnerability, notify us immediately or as soon as practicable by submitting a report to us at vulnerability_disclosure@tech.gov.sg. You may encrypt your emails to us using our PGP key. e. Where applicable, provide your name, email and mobile number in the suspected vulnerability report so that we may contact you for clarifications. Include the name(s) and email(s) of other person(s) to whom you may have disclosed the suspected vulnerability. f. Provide adequate information in the suspected vulnerability report so that we may work with you on validating the suspected vulnerability, including these details (where available): * Description of the suspected vulnerability. * IP address and/or URL of the subject Service. * Configuration and version of the subject software. * Description of the circumstances, including date(s) and time(s), leading to your reporting of the suspected vulnerability. * Description of the reason(s) why you believe the suspected vulnerability may impact the subject Service and the extent of such suspected potential impact (e.g. describe how you believe the suspected vulnerability might potentially operate). What NOT to do a. Act in any way which may contravene applicable laws and regulations (e.g. the Computer Misuse Act). b. Publish or publicly disclose any suspected vulnerability to any third party before it is resolved as malicious actors may exploit the suspected vulnerability to cause damage, harm or loss to individuals and organisations. c. Deploy destructive, disruptive or other unlawful means to detect vulnerabilities (e.g. attacks on physical security, social engineering, denial of service, brute force attacks). d. Exploit, test or otherwise use any suspected vulnerability (e.g. taking any step(s) to access, copy, create, delete, modify, manipulate or download any data or programme, build system backdoor(s), modify system configuration(s), facilitate or share system access). If you are in any doubt about any proposed course of conduct, please contact us immediately at vulnerability_disclosure@tech.gov.sg As part of the VDP, GovTech will: a. Act as coordinator between you and the relevant public sector agency or agencies (“Stakeholders”) which may possibly be affected by the suspected vulnerability. b. Acknowledge receipt of your suspected vulnerability report and notify the Stakeholders of the suspected vulnerability within generally 3 business days from our receipt of your report. c. Work with you and the Stakeholders to resolve any validated vulnerability within generally 90 business days from our receipt of your report. d. Upon the validation of your suspected vulnerability report and at our sole discretion, accord appropriate recognition to you for your contribution(s) in reporting and/or resolving the validated vulnerability. Please note that GovTech does not and will not in any way: a. Accord or provide you with any kind of exemption, immunity, indemnity or shield from civil or criminal liability (if any) under applicable laws and regulations. b. Be liable for any expense, damage or loss of any kind which you may incur due to any action taken or not taken by us in relation to any suspected vulnerability you may report. c. Accept or assume any responsibility for the contents of any suspected vulnerability report submitted by you, nor shall our acknowledgment or processing of such report constitute any kind of acceptance or endorsement of the contents therein. d. Be obliged to consult you for any media or public statement that we and/or any Stakeholders may decide to publish or release in relation to the suspected or validated vulnerability. e. Provide you with any cash reward or financial incentive of any kind for the detection and/or resolution of the validated vulnerability. -------------------------------------------------------------------------------- RELATED CONTENT * New Vulnerability Rewards Programme to test Resilience of Critical Government Systems * GovTech cybersecurity specialists zero in on zero-day vulnerabilities * Third Government Bug Bounty Programme offers bonus payouts for mobile applications * 31 vulnerabilities remediated in second Government Bug Bounty Programme * How the government chief information security officer keeps cyberspace secure - Part 2 https://www.tech.gov.sg/report_vulnerability GOVERNMENT TECHNOLOGY AGENCY Digital Gov Transformation Overview Digital Government Blueprint Products and Services Digital Standards and Guides Get Involved Who We Are Our Role Our Journey Our Culture and Values Our Digital Government Rankings Our Statistics Our Team Careers How We Hire How We Work Students and Graduates Smart Nation Fellowship Programme The GovTech Alumni Network Apply Now Media All Corporate Publications Events Media Releases Speeches TechNews Blogs Advisory Digital Gov Transformation Who We Are Careers Media * Contact Us * Feedback * Report Vulnerability * Privacy Statement * Terms of Use * Built with Isomer © 2021 Government Technology Agency Last Updated 17 Sep 2021 Ask Jamie @ GovTech Powered by flexAnswer ™ Ask Jamie @ GovTech