Vulnerability Disclosure
Welcome to Our Security Reporting Platform
​
At SMP, we prioritize the security and integrity of our IT systems. As part of our commitment to maintaining a robust and resilient infrastructure, we invite users, security researchers, and concerned individuals to contribute to our cybersecurity efforts by reporting suspected vulnerabilities or weaknesses of our IT systems you may encounter.
​
Please note that we do not authorize or permit anyone in the taking of any action which may contravene any written laws.
Why Report
to Us?
Your insights are invaluable in helping us identify and address potential security issues before they can be exploited. By partnering with our users and the wider community, we aim to create a safe and secure digital environment for all users.
What to Report?
We encourage users to report any suspected vulnerabilities or weaknesses in our IT systems. This may include, but not limited to:
1. Security Misconfigurations
2. Software Bugs or Exploitable Weaknesses
3. Unauthorised Access or Data Exposure
4. Denial-of-Service (DoS) Attacks
5. Phishing Attempts Impersonating us
6. Any other security concerns
How to Report?
Please click here to report.
Please note that all reports submitted to us will be kept confidential.
Your Conduct in Reporting
By submitting a report, you are bound to the following:
1. Act responsibly for the sole purpose of reporting suspected vulnerabilities and safeguarding users from damage.
2. Avoid causing any kind of damage, harm or loss to individuals or organisation including but not limited to test, reproduce or verify the suspected vulnerability, or take any action which may cause interruption to or degradation of any services within our website.
3. Complying to all laws and regulations at all times. Should you have any doubt about such laws, please seek professional legal advice.
4. Under no circumstances, you must not attempt to exfiltrate any computer data or publish details of any suspected vulnerability.
What We Need?
Please provide us your name, email address and mobile number in the report so that we may contact you for clarifications. You may include the name(s) and email(s) of other person(s) to whom you may have disclosed the suspected vulnerability or informed you of the suspected vulnerability.
​
Please share with us adequate information in the report so that we may work with you on validating the suspected vulnerability. Please include these details (where available):
1. Description of the suspected vulerability
2. IP address and/or MAC address and/or URL of the subject service
3. Configuration and version of the subject software
4. Description of the circumstances, including date(s) and time(s), leading to your reporting of the suspected vulnerability.
5. Description of the reason(s) why you believe the suspected vulnerability may impact the subject service and the extent of such suspected potential impact.
Work
with You
We would -
1. Act as coordinator between you and our service provider or relevant authorities ("relevant parties") for the services in our website which may be affected by the suspected vulnerability.
2. Acknowledge receipt of your report and notify the relevant parties as soon as possible from our receipt of your report.
3. Work with you and relevant parties to resolve any validated vulnerabilities from our receipt of your report.
4. Upon the validation of your report and at our sole discretion, accord appropriate recognition to you for your contribution(s) in reporting and/or resolving the validated vulnerability.
We will
NEVER
1. Accord or provide you with any kind of exemption, immunity, indemnity or shield from civil or criminal liability (if any) under any laws and regulations.
2. Be liable for any expense, damage or loss of any kind which you may incur due to any action taken or not taken by us in relation to any suspected vulnerability you may report.
3. Accept or assume any responsibility for the contents of any suspected vulnerability report submitted by you, nor shall our acknowledgment or processing of such report constitute any kind of acceptance or endorsement of the contents therein.
4. Be obliged to consult you for any media or public statement that we may decide to publish or release in relation to the suspected or validated vulnerability.
5. Provide you with any cash reward or financial incentive of any kind for the detection and/or resolution of the validated vulnerability.
Thank You
We thank you for your contribution in keeping our website and services safe and secure.