Monetary rewards for ethical hackers
The Government Technology Agency (GovTech) announced yesterday (August 31) that it had partnered with HackerOne to offer selected security researchers the opportunity to hunt for bugs in a private program.
In the statement, GovTech said it will offer between $250 and $5,000 for bug reports, and will allocate a bonus of $150,000 for “vulnerabilities that could cause exceptional impact on selected systems and data”.
The bonus is benchmarked against other programs from tech firms including Google and Microsoft, GovTech said.
“This signals the Singapore government’s commitment to secure critical ICT systems and sensitive personal data,” the release reads.
Participants will be invited to join the program by HackerOne, which will oversee the management and triage of bug reports.
Those wishing to take part will already need to be registered on the platform and should have ‘HackerOne Clear’ status. White hats who are eligible but have not received an invite can request one through HackerOne.
The new bug bounty program will focus on securing the digital services arm of the Singapore government
The Singapore government launched its first bug bounty program in 2018, also with HackerOne, focusing on securing public-facing government websites.
This latest program is another effort made by the Singapore government to demonstrate its commitment to improving its data and cybersecurity.
Last month, the nation signed an agreement with the US to enhance cooperation and knowledge sharing about cyber threats targeting financial agencies.
A Memorandum of Understanding on Cybersecurity Cooperation was announced on August 23, which hopes to deepen “cooperation in new domains to deal with the challenges of the 21st century”.