Singapore, HackerOne hold bug bounty program to test gov’t targets

MANILA, Philippines – Singapore’s Ministry of Defense (MINDEF) and penetration testing and bug bounty platform HackerOne are teaming up again to hold a bug bounty program for its government systems.

MINDEF said it invited 400 trusted hackers, 200 of which are from Singapore, to look for security weaknesses in 11 government-owned targets. The targets include “websites and public digital systems belonging to MINDEF/Singapore Armed Forces (SAF) and other agencies in the defense sector.”

Participants will be on the lookout for security weaknesses and prepare issues found for resolution. The aim is to increase the security of SIngapore’s systems and, as an additional focus of the testing, to enhance personal data protection as well.

Successful participants have the opportunity of earning monetary payouts – the aforementioned bug bounties – for finding and identifying vulnerabilities. These range from $150 to $10,000 per vulnerability and are dependent on the severity of the discovered issues, with further bounties to be given out if the vulnerabilities can result in the loss of personal data.

MINDEF’s 2018 bug-hunting event, which had around 200 participants, ended with 35 safely resolved security weaknesses.

In a statement, HackerOne CEO Marten Mickos said Singapore was setting an example “by taking decisive steps towards securing their vital digital assets.”

“Only governments that take cybersecurity seriously can reduce their risk of breach and interruption of digital systems. Singapore’s continued commitment to collaboration in cybersecurity is something that will help propel the industry’s progress just as much as it will contribute to protecting Singapore citizen and resident data,” Mickos added. 

The bug bounty program, which began Monday, September 30, is set to last until October 21. – Rappler.com