The Government Technology Agency and Cyber Security Agency of Singapore will be conducting the second Government Bug Bounty Programme (BBP) from July to August 2019. The inaugural Government BBP was conducted earlier this year where five Internet-facing government ICT systems and digital services were tested.
The second Government BBP, which will run for three weeks, will be expanded to cover nine Internet-facing government ICT systems and digital services with high user touchpoints: SingPass and MyInfo (GovTech); OneMap website and mobile (Singapore Land Authority); MASNET and MAS corporate website (Monetary Authority of Singapore); Parents Gateway (Ministry of Education); and SGWorkPass mobile and CheckWorkPass Status e-Service (Ministry of Manpower).
Ethical Hackers Rewarded for Discovering Vulnerabilities
Similar to the inaugural Government BBP, participating ethical hackers – also known as ‘white hat’ hackers – will be required to register with the appointed bug bounty company, HackerOne. Registered/authorised hackers will receive rewards ranging from US$250 to US$10,000, depending on the severity of the discovered vulnerability. Discovered vulnerabilities are reported to the relevant organisation to be rectified. Key findings of the programme will then be shared in September 2019.
Government Committed to Strengthening Cybersecurity
About 400 local and overseas ‘white hat’ hackers took part in the inaugural Government BBP. 26 vulnerabilities were uncovered and a total bounty payout of close to US$12,000 was awarded. The second Government BBP signals the Government’s continued commitment to work with the cybersecurity community and industry to strengthen and safeguard government ICT systems and digital services.