Vulnerability Disclosure Policy

Fei Yue is committed to ensuring the security and privacy of its systems and the data entrusted to it by its customers and users. We believe that working with the cybersecurity community is crucial to achieving this goal. We welcome responsible disclosure of security vulnerabilities by external researchers and security enthusiasts. This policy outlines the terms and conditions for reporting security vulnerabilities in Fei Yue systems and services.

SCOPE

This Vulnerability Disclosure Policy (VDP) covers all Fei Yue systems, websites, applications, and services, including those governed by the Cybersecurity Act and the Personal Data Protection Act (PDPA) in Singapore.

REPORTING VULNERABILITIES

If you discover a potential security vulnerability in any Fei Yue system or service, please report it promptly by following these steps:

  1. Contact our Cyber Security Team by sending an email to [email protected]. Include a detailed description of the vulnerability, including steps to reproduce it if exploitable accidentally and not to proceed further.
  2. Provide your contact information for coordination and communication. Encrypt sensitive information on your document media (e.g. Password Protection to encrypt the document).

RESPONSIBLE DISCLOSURE GUIDELINES

We expect security researchers and others who identify vulnerabilities to adhere to the following guidelines:

  1. Make every effort to avoid any privacy violations, data loss, or disruption of service while conducting security research.
  2. Do not publicly disclose the vulnerability before we have had reasonable time to investigate and address it.
  3. Allow Fei Yue a reasonable amount of time to resolve the issue before disclosing it to the public or regulatory authorities.
  4. Refrain from sharing or exploiting any discovered vulnerabilities beyond what is necessary to demonstrate the issue to our security team.

RESPONSE AND REMEDIATION

Upon receiving a vulnerability report, Fei Yue will:

  1. Acknowledge receipt of the report within [7] business days.
  2. Investigate the reported issue promptly.
  3. Take necessary steps to remediate and mitigate the vulnerability.
  4. Keep the reporter informed of the progress and estimated time to resolve the issue.

Fei Yue may acknowledge and recognize the responsible disclosure efforts of security researchers with their consent, subject to any legal or privacy restrictions.

LEGAL CONSIDERATIONS

Fei Yue will not pursue legal action against security researchers who report vulnerabilities responsibly, provided they adhere to this policy.

COMPLIANCE WITH LAWS AND REGULATIONS

This policy is designed to comply with the Cybersecurity Act and the Personal Data Protection Act (PDPA) of Singapore. We are committed to protecting your personal data in accordance with these regulations.

AMENDMENTS

Fei Yue reserves the right to modify this policy at any time.

CONTACT INFORMATION

For questions, concerns, or to report a vulnerability, please contact our Cyber Security Team at [email protected].

EFFECT OF NOTICE AND CHANGES TO NOTICE

  1. This Notice applies in conjunction with any other policies, notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us.
  2. We may revise this Notice from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Notice was last updated. Your continued employment and participation in our recruitment process constitute your acknowledgement and acceptance of such changes.