The Singapore government is expanding its bug bounty programme to enable which white hat hackers to earn up to $5,000 for vulnerabilities they report through HackerOne.
The Government Technology Agency (GovTech) has launched a new Vulnerability Rewards Programme (VRP) as part of its Government Bug Bounty Programme (GBBP) and Vulnerability Disclosure Programme (VDP) which it says will supplement its suite of cyber security capabilities.
The VRP aims to continuously test a wider range of critical ICT systems necessary for the continuous delivery of essential services in the country’s digital economy, the government stated.
The programme offers monetary rewards ranging from $250 to $5,000 to white hat hackers depending on the severity of vulnerabilities discovered. It is also offering a special bounty of $150,000 for the discovery of vulnerabilities that could cause “exceptional impact on selected systems and data”, which is benchmarked against other bounty programmes conducted by global tech firms like Google and Microsoft.
“Since the launch of our first crowdsourced vulnerability discovery programme in 2018, we have partnered with over 1,000 highly skilled white hat hackers to discover about 500 valid vulnerabilities,” said Lim Bee Kwan, assistant chief executive for governance and cybersecurity at GovTech.
RELATED RESOURCE
The Total Economic Impact™ of Mimecast
Cost savings and business benefits enabled by using Mimecast with Microsoft 365
“The new Vulnerability Rewards Programme will allow the Government to further tap the global pool of cybersecurity talents to put our critical systems to the test, keeping citizens’ data secured to build a safe and secure Smart Nation.”
Currently, the programme will cover three systems, Singpass and Corppass (GovTech), Member e-services (Ministry of Manpower), and Workpass Integrated System 2 (Ministry of Manpower), with more critical ICT systems set to be added to the programme in the future.
The government said that only white hat hackers who have met strict criteria will be allowed to participate, as “these are systems that are critical to the delivery of essential government services”. The checks will be carried out by HackerOne and registered participants will carry out security testing through a VPN, which will also be provided by the bug bounty company.
-
Should your business start a bug bounty program?In-depth Big tech firms including Google, Apple and Microsoft offer bug bounty programs, but can they benefit smaller businesses too?
-
OpenAI to pay up to $20k in rewards through new bug bounty programNews The move follows a period of unrest over data security concerns
-
Latitude Financial's data policies questioned after more than 14 million records stolenNews Some of the data is from at least 2005 and includes customers’ name, address, and date of birth
-
Latitude hack now under state investigation as customers struggle to protect their accountsNews The cyber attack has affected around 330,000 customers, although the company has said this is likely to increase
-
IDCARE: Meet the cyber security charity shaping Australia and New Zealand's data breach responseCase Studies IDCARE is recruiting a reserve army to turbocharge the fightback against cyber crime not just in the region, but in the interests of victims all over the world
-
Australia commits to establishing second national cyber security agencyNews The country is still aiming to be the most cyber-secure country in the world by 2030
-
Medibank bleeds $26 million in cyber costs following hackNews The company believes this figure could rise to $45 million for the 2023 financial year
-
TikTok's two new European data centres to address data protection concernsNews The company is under pressure to prove its user data isn’t being accessed by the Chinese state
