Where possible, the System Owner(s) permission should be obtained before performing any actions, especially actions that may adversely affect the System Owner(s) and users. Informers should be deliberate and take due care when performing actions pertaining to assessing a vulnerability. This includes ensuring that the actions do not compromise the availability of systems and services, and avoiding actions that are not strictly necessary for the purposes of assessing, testing, or evaluating the security of the systems and services in order to ensure or safeguard their security.
Informers should comply with all applicable Singapore and foreign laws. This includes complying with the Singapore Computer Misuse Act (“CMA”) and refraining from actions that may constitute a breach of the CMA. You are advised to seek and obtain professional legal advice if you have any doubt about the scope and application of any law.
Informers can refer to the VDP for some illustrative, non-exhaustive examples of actions which should NOT be taken in the process of confirming or assessing a possible vulnerability.