MINDEF Singapore successfully concludes inaugural Bug Bounty Programme

MINDEF Singapore successfully concludes inaugural Bug Bounty Programme

At a media brief today, the Ministry of Defence (MINDEF)’s
Defence Cyber Chief, Mr David Koh, announced
the results for the inaugural MINDEF Bug Bounty Programme today.

The Bug Bounty programme was launched on 15 January 2018 with
the objective of strengthening Singapore’s defence networks and systems, which present
an attractive target for malicious cyber activity. Selected white hat
hackers from around the world invited to test MINDEF’s Internet-facing
systems for vulnerabilities (or "bugs") in return for rewards.

The programme facilitated by HackerOne, a reputable international bug
bounty company, successfully concluded on 15 January 2018.

A total of 264 white hats from around the world participated
in this programme, including participants from Canada, Egypt, India, Ireland,
Pakistan, Romania, Russia, Singapore, Sweden, and the United States. There were
100 from the local white hat community and 164 (including 57 of the top 100
ranked white hats in HackerOne’s network) from HackerOne’s network of about
175,000 international white hat hackers.  

34 participants submitted 97 vulnerability reports, of which
35 reports were deemed valid. The amount of bounties paid out ranged from
US$250 to US$2,000. The total bounty payout was US$14,750.

The top overall white hat participant is Shivadagger, a
local researcher. He reported nine unique vulnerabilities, receiving a total
bounty of US$5,000, which is about one third of the total bounty payout. He
received US$2,000 for one of the high severity bugs, and between US$250 and
US$750 for his other validated bugs.

Commenting on the results, Mr Koh noted that the programme
had been successful and effective in strengthening Singapore’s defence networks
and systems.

He said, “It is not possible to achieve 100% security, with
complex computer programmes and the way coding is done. New vulnerabilities are
being discovered every day; and you can get a sense of this from the regular
patches and updates we get on our home computers. The bug bounty programme
allowed MINDEF to tap on a global talent pool of white hat hackers, who then
were able to test our systems and find new vulnerabilities that we were not
aware of. As a result, our internet-facing systems are now more secure.”

Co-founder and Chief Technology Officer of HackerOne, Mr
Alex Rice, said, “The Singapore Ministry of Defence must be applauded for being
one of the first few government agencies, and the first in Asia, to embrace
such a forward-thinking approach to security. MINDEF’s programme signals
further momentum for government agency collaboration with the hacker

The press release states that the nature of modern computer
software and systems is that they are not able to be fully secured, and new
vulnerabilities are discovered every day. MINDEF will continue to explore other
methods to evolve and improve defences against cyber threats.