Vulnerability Disclosure Policy
KGS prioritizes the security of our customers' data and the reliability of the products and services we offer. This statement establishes clear guidelines for cyber security personnel to responsibly discover and report vulnerabilities within our systems.
For all cyber security personnel
We appreciate the efforts of cyber security personnel who help us identify and address potential weaknesses in our infrastructure. This activity encourages responsible vulnerability disclosure, enabling us to proactively improve our security posture.
How to Participate
If you have uncovered a vulnerability in a KGS product or service, please submit a report via an email address . It provides a secure channel for reporting vulnerabilities and facilitates communication throughout the process.
What We Don’t Allow
To ensure a productive collaboration, we kindly ask you to not engage or participate in any way in the following activities:
- Illegal Activities: Actions violating any laws or regulations during the vulnerability discovery process.
- Denial-of-Service (DoS) Attacks: Any attempts to disrupt or disable our services.
- Exploitation: Leveraging discovered vulnerabilities for unauthorized access or malicious purposes.
- Social Engineering or Spam: Techniques aimed at manipulating users or spreading unwanted information.
- Physical Security Testing: Attempts to assess the physical security of our facilities.
- Data Misuse: Unauthorized access, modification, destruction, or misuse of user data or system files.
The KGS policy
KGS understands the importance of robust security and reliable products. We acknowledge that even with best efforts, vulnerabilities may still exist. This program allows responsible cyber security personnel to collaborate with us in addressing potential issues.
Reporting and Recognition
We value the contributions of security researchers who identify and report vulnerabilities. By working together, we can enhance the overall security and reliability of our offerings.
To this end:
- Reporting Method: You will submit vulnerability reports using the designated form on the KEXIM website.
- Ownership and Rights: You confirm that the report and any associated findings will become the property of KGS.
- Legality: You confirm that your actions comply with all applicable laws and regulations throughout the disclosure process.
- Good Intentions: You assure that there is no malicious intent to harm KGS, its stakeholders, or its data.
- Confidentiality: You agree to keep the details of the reported vulnerability and the fact of the report confidential.
- Voluntary Contact: You agree that providing contact information is optional and does not guarantee a response from KGS.
- Data Integrity: You will not exploit the vulnerability or access/modify data without authorization.
- Responsible Testing: You agree to refrain from social engineering, denial-of-service attacks, or physical security testing.
Governing law and Jurisdiction
Nothing herein shall be construed as a representation by KGS that the information and materials contained in or accessed through this website is appropriate or available for use in geographic areas or jurisdictions other than Singapore. By accessing this website and/or using the online services, you agree that such access and/or use, as well as these terms and conditions shall be governed by, and construed in accordance with, the laws of Singapore and you agree to submit to the non-exclusive jurisdiction of the Singapore courts.