Synapxe, on behalf of the Public Healthcare entities in Singapore, has embarked on a Vulnerability Disclosure Programme (VDP) with Hackerone. The programme is part of our continuous effort to proactively discover and remediate security vulnerabilities in our public healthcare digital assets before they are exploited by malicious threat actors.

We encourage security researchers and other participants to responsibly report suspected vulnerabilities or weaknesses in Synapxe’s and/or public healthcare entities’ IT services, systems and websites, without contravening all applicable laws and regulations (e.g., Computer Misuse Act, etc.).

For the avoidance of doubt, attempts to exploit or test vulnerabilities (e.g., gaining unauthorised access to any computer programme or data) is prohibited.

After validating your vulnerability report submission, we may at our sole discretion provide appropriate recognition to you for your contribution. However, we will not provide any cash reward or financial incentive of any kind for the validated vulnerability.

Participation in the programme is voluntary and is subject to the terms and conditions of this VDP as described in the Synapxe/Hackerone VDP policy page and can also be accessed here. By submitting a report, you acknowledge and agree to these terms and conditions.

We reserve the right to amend any part of this page at any time at our sole and absolute discretion without any advance notice. Your participation and continued participation in the VDP constitutes your acknowledgement and acceptance of the amendments.