Jurisdiction
Region
Requirement
Policy
Responsible Vulnerability Disclosure Policy
Applies to
System Owners
Provision
Responsible Disclosure Guidelines
Description
Recommends and outlines best practices for "Informers" and "System Owners". The policy also explains in which cases SingCERT can and cannot act as a conduit between Informers and System Owners. Broadly speaking, "SingCERT supports RVD as a means of fostering cooperation between System Owner(s) and the wider cybersecurity community, so as to improve cybersecurity and build a trusted and resilient cyberspace." "System Owners are encouraged to develop their own vulnerability disclosure policies setting out how vulnerability reports will be received and handled, what the reports should contain, approaches for disclosure to affected users and the public, as well as any rewards policies." System Owners are also encouraged to keep open contact with the Informer in order to take in more information, and to update SingCERT and the Informer on their assessments. If the Informer cannot reach the System Owner for some reason, SingCERT can act as a liaison between the two. In that case, the Informer reports the vulnerability to SingCERT via email.
Version 2.0 of this manual was released in October 2024.
Date
October 2024
Organization
Cyber Security Agency of Singapore / SingCERT