Government Technology Agency of Singapore invites hackers to find security weaknesses in 12 government systems
HackerOne, the Singaporean Government Technology Agency (GovTech) supported by and Cyber Security Agency of Singapore (CSA) announced the launch of the third Government Bug Bounty Program (GBBP). This latest program is the fifth bug bounty challenge run by the Singapore Government in partnership with HackerOne, in addition to GovTech’s ongoing Vulnerability Disclosure Program (VDP) launched just last month.
The three-week challenge will run from November 18 to December 8, 2019, inviting international and local ethical hackers to discover and disclose security weaknesses across 12 internet-facing government Information and Communication Technology (ICT) systems, digital services and mobile applications with high user traffic. In exchange for finding valid weaknesses, hackers will earn monetary rewards, or bounties, ranging from US$250 to US$10,000 based on the severity of the discovery. In addition, hackers can earn a bonus of US$500 on top of any bounty for anything found on mobile applications due to their complex nature.
GovTech’s first bug bounty challenge was launched in December 2018 and saw participation from nearly 400 participants internationally who discovered 26 vulnerabilities and earned US$11,750 in bounties. GovTech’s second program ran in July 2019 where 300 hackers reported 31 vulnerabilities and earned US$25,950 in bounties for confirmed findings. Following the success of the first two GBBPs with HackerOne, the government agency has continued to invest in hacker-powered security with this latest initiative.