You are here

'Ethical hackers' could get up to US$10,000 under government programme

ETHICAL hackers could stand to earn anywhere from US$250 to US$10,000 under the second Government Bug Bounty Programme (BBP) for discovering vulnerabilities within government-related systems and digital services, the Government Technology Agency (GovTech) and Cyber Security Agency (CSA) of Singapore announced on Monday. 

Conducted by GovTech and CSA, this year's government BBP will run for three weeks from July to August. 

Participating ethical hackers - also known as "white hat" hackers – will be required to register with the appointed bug bounty company, HackerOne.

Authorised hackers will then receive rewards ranging from US$250 to US$10,000, depending on the severity of the discovered vulnerability. These vulnerabilities will then be reported to the relevant organisation for remediation, with key findings of the programme to be shared in September 2019, the authorities said. 

According to GovTech and CSA's joint statement, the first government BBP was conducted earlier this year where five Internet-facing government ICT (information and communications technology) systems and digital services were tested.

This year's BBP will be expanded to cover nine Internet-facing government ICT systems and digital services with high user touchpoints.

These include GovTech's SingPass and MyInfo platform, Singapore Land Authority's OneMap website and mobile app, the Monetary Authority of Singapore's corporate website and MASNET, the Ministry of Education's Parents Gateway portal, as well as the Ministry of Manpower's SGWorkPass mobile app and CheckWorkPass Status e-Service.

Last year, about 400 local and overseas "white hat" hackers took part in the inaugural government BBP. Some 26 vulnerabilities were uncovered, and a total bounty payout of close to US$12,000 was awarded.

The authorities also noted that the second government BBP signals the state's continued commitment to work with the cybersecurity community to strengthen and safeguard government ICT systems and digital services.

GovTech is the lead agency driving Singapore's public sector digital transformation and the Smart Nation initiative.