At a media brief today, the Ministry of Defence (MINDEF)’s Defence Cyber Chief, Mr David Koh, announced the results for the inaugural MINDEF Bug Bounty Programme today.
The Bug Bounty programme was launched on 15 January 2018 with the objective of strengthening Singapore’s defence networks and systems, which present an attractive target for malicious cyber activity. Selected white hat hackers from around the world invited to test MINDEF’s Internet-facing systems for vulnerabilities (or “bugs”) in return for rewards.
The programme facilitated by HackerOne, a reputable international bug bounty company, successfully concluded on 15 January 2018.
A total of 264 white hats from around the world participated in this programme, including participants from Canada, Egypt, India, Ireland, Pakistan, Romania, Russia, Singapore, Sweden, and the United States. There were 100 from the local white hat community and 164 (including 57 of the top 100 ranked white hats in HackerOne’s network) from HackerOne’s network of about 175,000 international white hat hackers.
34 participants submitted 97 vulnerability reports, of which 35 reports were deemed valid. The amount of bounties paid out ranged from US$250 to US$2,000. The total bounty payout was US$14,750.
The top overall white hat participant is Shivadagger, a local researcher. He reported nine unique vulnerabilities, receiving a total bounty of US$5,000, which is about one third of the total bounty payout. He received US$2,000 for one of the high severity bugs, and between US$250 and US$750 for his other validated bugs.
Commenting on the results, Mr Koh noted that the programme had been successful and effective in strengthening Singapore’s defence networks and systems.
He said, “It is not possible to achieve 100% security, with complex computer programmes and the way coding is done. New vulnerabilities are being discovered every day; and you can get a sense of this from the regular patches and updates we get on our home computers. The bug bounty programme allowed MINDEF to tap on a global talent pool of white hat hackers, who then were able to test our systems and find new vulnerabilities that we were not aware of. As a result, our internet-facing systems are now more secure.”
Co-founder and Chief Technology Officer of HackerOne, Mr Alex Rice, said, “The Singapore Ministry of Defence must be applauded for being one of the first few government agencies, and the first in Asia, to embrace such a forward-thinking approach to security. MINDEF’s programme signals further momentum for government agency collaboration with the hacker community.”
The press release states that the nature of modern computer software and systems is that they are not able to be fully secured, and new vulnerabilities are discovered every day. MINDEF will continue to explore other methods to evolve and improve defences against cyber threats.