As part of the Government Technology Agency’s (“GovTech”) ongoing efforts to ensure the cyber-security of Government internet-accessible applications used by the citizens, business and public sector employees, GovTech has established this suspected vulnerability disclosure programme (“VDP”) to encourage the responsible reporting of suspected vulnerabilities or weaknesses in IT services, systems, resources and/or processes which may potentially affect Government internet-accessible applications. GovtTech looks forward to working with the cyber-security research community and members of the public to keep the services safe for all users.
For clarity, the VDP does not authorise or permit the taking of any action which may contravene applicable laws and regulations (e.g. Computer Misuse Act). For the avoidance of doubt, attempts to exploit or test suspected vulnerabilities (e.g. gaining unauthorised access to any computer program or data) are prohibited.
You are expected to conduct yourself responsibly at all times and if you are in any doubt about any proposed course of conduct, please contact GovTech immediately at firstname.lastname@example.org.