Report Vulnerability

Corporate Form

M1 Vulnerability Disclosure Policy

M1 is committed to ensuring the safety, reliability and security of our platforms, products and services.

If you believe you have found a security issue in any of our products or services, you are encouraged to report the potential vulnerabilities identified using the form at the bottom of the page.

Please note that submission of your report implies your acceptance of the terms herein.

M1 Vulnerability Disclosure Policy

We are committed to protecting the privacy and security of our customers’ data, and ensuring reliability of our products and services. Therefore, we aim to design and make products and services with the highest levels of security and reliability. Despite our best efforts, due to the highly complex, sophisticated nature and ongoing advancements of our products and services, vulnerabilities and errors may still be present in our products and services..

This policy describes M1’s approach to requesting and receiving reports related to potential vulnerabilities and errors in its products and services.

Customers, users, partners and any other person that interacts with M1’s products and services are encouraged to report identified vulnerabilities and errors by using the form on this page.

M1 highly appreciates the efforts made by the reporting party in identifying the vulnerability or error which will contribute to improving the security and reliability of our product and services.

Please note that supplying your contact information with your report is entirely voluntary and at your discretion. M1 will make use of all reports that are submitted; both those submitted anonymously and those with contact information. If you do submit your contact information (or any other personal information), you are providing M1 with express consent for the collection, use and/or disclosure of information (including personal information) for the purposes set out in this policy. M1 will only use such information to get in touch with you regarding clarifying the details of your report, if necessary. Please visit M1’s Data Protection Policy to understand how we collect, use and disclose your personal data: https://www.m1.com.sg/DataProtectionPolicy

By making a report to M1 using the form on this page, or otherwise communicating a report (including any follow up clarifications or questions) to M1, regarding vulnerabilities and errors, you agree to be bound by the following terms:

M1 may use your report for any purpose deemed relevant by M1, including without limitation, for the purpose of correcting any vulnerabilities and errors that are reported and that M1 deems to exist and to require correction.
To the extent that you propose any changes and/or improvements to a M1 product or service in your report, you assign to M1 all use and ownership rights to such proposals.
You have not exploited or used in any manner, and will not exploit or use in any manner (other than for the purposes of reporting to M1), the discovered vulnerabilities and/or errors.
You have not engaged, and will not engage, in testing/research of systems, platforms, products and services with the intention or effect of causing damage, losses or any harm to M1, its customers, employees, partners or suppliers.
You have not used, misused, deleted, altered, destroyed, retained, transferred or disclosed, and will not use, misuse, delete, alter, destroy, retain, transfer or disclose any data that you have accessed or may be able to access in relation to the vulnerability and/or error discovered.
You have not conducted, and will not conduct, social engineering, spamming, phishing, denial-of-service or resource-exhaustion attacks.
You have not tested, and will not test, the physical security of any property, building or facility of M1.
You agree that the report is made without any expectation or requirement of reward or other benefit, financial or otherwise, for making such report, and without any expectation or requirement that the vulnerabilities and/or errors reported are corrected by M1.
You have not breached, and will not breach, any applicable laws and regulations in connection with your report and your interaction with M1’s product or service that lead to your report. This policy does not authorise or permit you to take any action which may contravene applicable laws and regulations.
You agree not to disclose to any third party any information related to your report, the vulnerabilities and/or errors reported, any other vulnerabilities or potential vulnerabilities discovered, nor the fact that vulnerabilities and/or errors have been reported to M1.
You shall not resell or redistribute M1’s data and information.
You agree not to access or attempt to access any person’s personal data during your testing (this includes, but is not limited to, M1’s personnel and customers and/or any other data that could be considered personal data). If you gain access to any personal data while testing, stop and alert us immediately. You agree not to store, transfer, transmit, copy, create derivable works from, or disclose any personal data and/or M1 data (save to the extent required for you to submit your report to M1).
M1 does not guarantee that you will receive any response from M1 related to your report. M1 will only contact your regarding your report if M1 deems it necessary. M1 will not be obliged to consult you for media or public release of statements of the potential or validated vulnerabilities.
M1 will not be obliged to consult you for media or public release of statements of the potential or validated vulnerabilities.
You agree (i) to hold Confidential Information in strict confidence, (ii) to protect such Confidential Information from any unauthorized use or disclosure, (iii) not to disclose such Confidential Information to any third party including the public, (iv) not to use such Confidential Information for any purpose outside the scope of participating in M1’s vulnerability disclosure program hereunder, and (v) to notify M1 immediately (through the VDP form below) upon discovery of any (actual or potential) loss or unauthorized disclosure of Confidential Information. For the purposes of this policy, “Confidential Information” means (i) all of M1’s information obtained during your security testing or via any other means through your participation M1’s vulnerability disclosure program hereunder, and (ii) all submissions by you. Confidential Information does not include information that (a) is or becomes publicly available through no fault of your own and without breaching these provisions, or (b) is independently developed without use of or reference to Confidential Information.

Vulnerability Summary

Your Report Title (250 char maximum)

Product/website Concerned (250 char maximum)

Technical Details

Bug Type *

Endpoint

Select a vulnerable part *

Enter Part Name (250 char maximum)

Payload

Technical environment (OS, Browser, Tools, Version - 250 char maximum)

CVE

Select Impact

Vulnerability Description

Technical description *

Reporter Information

Your Name

Your Email Address

Your PGP Public Key

I agree with Disclosure Policy.

By submitting a report, security researcher warrants that the report and any attachments do not violate the intellectual property rights of any third party and the security researcher assigns free of charge to the receiving company who accepts all intellectual property rights.

Please complete the reCAPTCHA.