New rewards programme tests resilience of Government systems

Ethical hackers who discover and report security issues in government systems will be offered cash rewards by the Government Technology Agency’s programme

The Government Technology Agency (GovTech), a statutory board of the Singapore government, has launched a new Vulnerability Rewards Programme (VRP) to supplement the existing Government Bug Bounty Programme (GBBP) and Vulnerability Disclosure Programme (VDP). 

The agency has announced the VRP to crowdsource cyber-security expertise from the global ethical or "white hat" hacker community. Bugs found will be reported to the respective agency for remediation.

The rewards range from US$200 to US$5,000, depending on the severity of the vulnerabilities discovered. A special bounty of up to US$150,000 will be awarded for the discovery of vulnerabilities that could cause "exceptional" impact on selected systems and data. The special bounty is benchmarked against crowdsourced vulnerability programmes conducted by global technology firms such as Google and Microsoft. 

Ms Lim Bee Kwan, Assistant Chief Executive for Governance and Cybersecurity, GovTech, said, “Since the launch of our first crowdsourced vulnerability discovery programme in 2018, we have partnered with over 1,000 highly skilled white hat hackers to discover about 500 valid vulnerabilities. The new Vulnerability Rewards Programme will allow the Government to further tap the global pool of cybersecurity talents to put our critical systems to the test, keeping citizens’ data secured to build a safe and secure Smart Nation.”

How will the programme work?

The programme will run continuously and cover three systems: Singpass and Corppass; member e-services under the Ministry of Manpower (MOM) and Central Provident Fund; and the MOM's Work Pass Integrated System. Other critical ICT systems will be progressively added to the programme.

These critical systems provide essential digital government services, so only white hat hackers who are vetted and meet strict criteria, or who are specifically invited, will be allowed to participate, GovTech said. Background checks will be conducted by HackerOne, a bug bounty platform and community of cyber-security experts and white hat hackers.

Registered participants will conduct security testing through a designated virtual private network (VPN) provided by HackerOne.

Together, the three crowdsourced vulnerability discovery programmes supplement GovTech’s suite of cybersecurity capabilities to safeguard the Government’s Infocomm Technology and Smart Systems (ICT&SS). They offer a blend of continuous reporting and seasonal in-depth testing capabilities that taps the larger community, in addition to routine penetration testing conducted by the Government. 

 
