Security Experts:

Connect with us

Hi, what are you looking for?



Singapore Ministry of Defence Launches New Bug Bounty Program

Singapore’s Ministry of Defence (MINDEF) is inviting 400 white-hat hackers to find vulnerabilities in its systems, as part of a three-week program hosted on hacker-powered pentesting and bug bounty platform HackerOne.

Singapore’s Ministry of Defence (MINDEF) is inviting 400 white-hat hackers to find vulnerabilities in its systems, as part of a three-week program hosted on hacker-powered pentesting and bug bounty platform HackerOne.

Running from September 30, 2019 to October 21, 2019, the three-week challenge targets 11 government-owned resources, including websites and public digital systems belonging to MINDEF/Singapore Armed Forces (SAF) and other defense agencies. 

MINDEF seeks to improve the security stance of these systems by inviting hackers to test them for security weaknesses so they can be patched. This year, the challenge also focuses on personal data protection. 

This is the second bug bounty program that MINDEF has run on HackerOne. The first one resulted in 35 security weaknesses being addressed. 

As part of this year’s challenge, the agency is inviting 400 individuals to participate (up from 300 for last year’s challenge), and says that 200 of them are based locally in Singapore. 

The monetary rewards offered throughout this challenge range from $150 to $10,000, depending on the severity of the discovered security issues. MINDEF promises additional bug bounties for the discovery of vulnerabilities that could result in the loss of personal data.

The worldwide perception around hackers has improved recently, and entities from all sectors, including government agencies and Fortune 500 companies, are launching hacker-powered programs to improve the security of their systems. 

According to HackerOne, the European Commission and the U.S. Department of Defense are among those to have already launched hacker-powered security programs, HackerOne. 

In its 2019 Hacker-Powered Security Report, HackerOne revealed that six white-hat hackers have already earned over $1 million in lifetime earnings from bug bounties.

“We want to applaud MINDEF for being one of the first few government agencies to embrace such a forward-thinking approach to security. MINDEF’s continued investment in hacker-powered security exemplifies the value governments and companies see from partnering with the hacker community to reduce risks,” Fifi Handayani, MINDEF’s Program Manager at HackerOne, said.

HackerOne has an office in Singapore, which it opened earlier this year to meet growing demand in the Asia Pacific region. MINDEF, GovTech, National University of Singapore, Toyota, Nintendo and Grab are only some of the customers in the region to have already launched programs with the platform. 

Singapore is host to the APAC edition of SecurityWeek’s ICS Cyber Security Conference, an event dedicated to serving critical infrastructure and industrial Internet stakeholders in the APAC region.

Related: Singapore Government Announces Third Bug Bounty Program

Related: Singapore Signs Cybersecurity Agreements With US, Canada

Related: HackerOne Raises $36.4 Million in Series D Funding Round

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.


Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.


Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.