Southbeach.sg Vulnerability Disclosure Policy
1. Purpose and Scope
This policy describes how security researchers can report vulnerabilities in our public assets.
In-scope:
– https://southbeach.sg
– *.southbeach.sg
Out-of-scope:
– Third-party services (e.g. payment gateways)
– Denial-of-service testing
2. Safe Harbor
We pledge not to pursue legal action against researchers acting in good faith and within the bounds of this policy. Please:
– Avoid testing beyond what is necessary to demonstrate a vulnerability
– Do not access data that does not belong to you
3. Reporting Guidelines
Please send reports to info@southbeach.sg. Include:
– Your name and affiliation (if any)
– A clear description of the issue
– Steps to reproduce, including URLs and screenshots
– Proof-of-concept code or payload (if applicable)
4. Response and Timeline
– Acknowledgement: within 72 hours
– Status updates: every 7 calendar days until resolution
– Resolution target: critical issues addressed within 30 days, others within 90 days
5. Disclosure Coordination
We ask that you agree to:
– Give us up to 90 days to fix high-severity issues before public disclosure
– Coordinate any blog posts or advisories with our security team
6. Legal Terms
All testing must comply with applicable laws and this policy. Unauthorized testing beyond its scope may lead to termination of safe-harbor protections.
Last updated: May 9, 2025