Singapore Government Launches New Bug Bounty Program

The Singapore Government Technology Agency (GovTech) on Tuesday introduced a new Vulnerability Rewards Programme (VRP) on HackerOne that offers bug bounty rewards of up to $150,000.

GovTech already runs a Government Bug Bounty Programme (GBBP) and a Vulnerability Disclosure Programme (VDP), but aims to further expand its cybersecurity capabilities to better protect the Government’s Infocomm Technology and Smart Systems (ICT&SS).

By running three crowdsourced vulnerability discovery programs, GovTech aims to ensure it can take advantage of continuous reporting and seasonal in-depth testing that complement routine pen testing operations run by the government.

The expanded VDP is open to all members of the public to identify and report security holes in Internet-facing systems, but only white hat hackers who meet strict criteria are allowed to participate in the GBBP and VRP, because higher-value systems are involved.

Selected systems are open for testing for each iteration of the seasonal GBBP, while the new VRP is meant to ensure continuous testing of a broad range of critical ICT systems that support the delivery of essential digital government services.

Vulnerability reports submitted through the VRP may qualify for monetary rewards ranging between $250 and US$5,000, based on vulnerability severity. Security flaws that could cause “exceptional impact on selected systems and data” may qualify for a special bounty of up to $150,000.

“The special bounty is benchmarked against crowdsourced vulnerability programmes conducted by global technology firms such as Google and Microsoft. This signals the Singapore Government’s commitment to secure critical ICT systems and sensitive personal data,” GovTech says.

Initially, the VRP will cover three systems, namely Member e-Services (Ministry of Manpower – Central Provident Fund Board), Singpass and Corppass (GovTech), and Workpass Integrated System 2 (Ministry of Manpower).

With the VRP running on HackerOne, the platform will be responsible for vetting the white hat hackers who will be allowed to participate. Testing will be performed through a designated virtual private network (VPN) gateway that HackerOne will provide. Participants who violate the Rules of Engagement (ROE) may have their VPN access revoked.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
