Singapore announces third HackerOne bug bounty programme
By Digital News Asia July 2, 2019
- Follows prior programmes with GovTech and Mindef Singapore
- GovTech’s bug bounty programme will run from July to August 2019
HACKERONE, a hacker-powered security platform, on July 1 announced it will partner with the Government Technology Agency of Singapore (GovTech) and the Cyber Security Agency of Singapore (CSA), to work with hackers from all over the world to further protect Singapore citizens by testing public-facing government systems.
This is HackerOne’s third bug bounty initiative with the Singapore Government, following successful prior programmes with GovTech and Mindef Singapore.
The bug bounty initiative will invite a select group of proven ethical hackers to test GovTech’s systems in exchange for a monetary reward, or bounty, for valid reported security weaknesses.
Bug bounty programmes are an industry best practice, implemented by public and private sector organisations across industries and regions.
GovTech Singapore joins government agencies like Singapore Mindef, the US Department of Defense, US General Service Administration, NCSC, and the European Commission who have selected HackerOne to leverage on the global hacker community to detect unknown security vulnerabilities before they can be exploited by criminals.
Other organisations that work with hackers to improve cyber-security include Alibaba, Grab, Toyota, PayPal, Google Play, Nintendo, General Motors and Starbucks.
“GovTech and the Singapore Government are among the world’s leaders in cyber-security,” said Paul Griffin, director of Programme Management at HackerOne.
“Tapping the skilled and global hacker community is the most efficient way to approach security testing. The latest bug bounty programme continues to signal momentum in the constant battle against malicious actors on the Internet.”
The Singapore Government’s latest bug bounty programme is part of a strategic initiative and commitment to build a secure and resilient Smart Nation by strengthening collaboration with the cyber-security industry and community.
GovTech’s bug bounty programme will run from July to August 2019 and will cover nine Internet-facing government digital services and information and communication technology systems with high user interaction.
Roughly 200 proven international hackers and 100 local hackers will be invited to participate based on previous performance metrics on the HackerOne platform.
Bounties for this GovTech programme will range from US$250 to US$10,000 per valid unique security vulnerability report, depending on severity. Results of the programme will be announced in September 2019.
This third HackerOne bug bounty program follows GovTech’s prior bug bounty programme, which concluded in February 2019. About 400 local and overseas ethical hackers took part in the most recent GovTech bug bounty programme, uncovering 26 vulnerabilities and earning participating hackers a total of nearly US$12,000 in bounties.
Similarly, Mindef concluded a successful bug bounty challenge in early 2018 with HackerOne hackers, resulting in 35 safely resolved security weaknesses.