New rewards programme tests resilience of Government systems

Ethical hackers who discover and report security issues in government systems will be offered cash rewards by the Government Technology Agency’s programme

The Government Technology Agency (GovTech), a statutory board of the Singapore government, has launched a new Vulnerability Rewards Programme (VRP) to supplement the existing Government Bug Bounty Programme (GBBP) and Vulnerability Disclosure Programme (VDP). 

The agency has announced the VRP to crowdsource cyber-security expertise from the global ethical or "white hat" hacker community. Bugs found will be reported to the respective agency for remediation.

The rewards range from US$200 to US$5,000, depending on the severity of the vulnerabilities discovered. A special bounty of up to US$150,000 will be awarded for the discovery of vulnerabilities that could cause "exceptional" impact on selected systems and data. The special bounty is benchmarked against crowdsourced vulnerability programmes conducted by global technology firms such as Google and Microsoft. 

Ms Lim Bee Kwan, Assistant Chief Executive for Governance and Cybersecurity, GovTech, said, “Since the launch of our first crowdsourced vulnerability discovery programme in 2018, we have partnered with over 1,000 highly skilled white hat hackers to discover about 500 valid vulnerabilities. The new Vulnerability Rewards Programme will allow the Government to further tap the global pool of cybersecurity talents to put our critical systems to the test, keeping citizens’ data secured to build a safe and secure Smart Nation.”


How will the programme work? 


The programme will run continuously and cover three systems: Singpass and Corppass; member e-services under the Ministry of Manpower (MOM) and Central Provident Fund; and the MOM's Work Pass Integrated System. Other critical ICT systems will be progressively added to the programme.

These critical systems provide essential digital government services, so only white hat hackers who are vetted and meet strict criteria, or who are specifically invited, will be allowed to participate, GovTech said. Background checks will be conducted by HackerOne, a bug bounty platform and community of cyber-security experts and white hat hackers.

Registered participants will conduct security testing through a designated virtual private network (VPN) provided by HackerOne.

Together, the three crowdsourced vulnerability discovery programmes supplement GovTech’s suite of cybersecurity capabilities to safeguard the Government’s Infocomm Technology and Smart Systems (ICT&SS). They offer a blend of continuous reporting and seasonal in-depth testing capabilities that taps the larger community, in addition to routine penetration testing conducted by the Government. 



Featured Articles

Tech & AI LIVE: Key Events that are Vital for Cybersecurity

Connecting the world’s technology and AI leaders, Tech & AI LIVE returns in 2024, find out more on what’s to come in 2024

MWC Barcelona 2024: The Future is Connectivity

Discover the latest in global technology and connectivity at MWC Barcelona 2024, where industry giants converge to discuss 5G, AI and more industry trends

AI-Based Phishing Scams Are On The Rise This Valentine’s Day

Research from Egress Threat Intelligence, Avast, Cequence Security & KnowBe4 outlines how AI is being used in dating app phishing scams on Valentine’s Day

Speaker Lineup Announced for Tech Show London 2024

Technology & AI

Darktrace predicts AI deepfakes and cloud vulnerabilities

Cloud Security

Secure 2024: AI’s impact on cybersecurity with Integrity360

Technology & AI