In conjunction with the Cyber Security Agency of Singapore (CSA) and HackerOne, the Singapore Government Technology Agency (GovTech) launched the second Government Bug Bounty Programme (BBP) held between 8 July to 28 July 2019.
Concurrently, GovTech has launched a Vulnerability Disclosure Programme (VDP) on the HackerOne platform, which will make it easier for members of the public to report vulnerabilities on all existing government e-platforms.
300 white hat hackers from around the world participated in the BBP, incentivised by cash bounties. In total, 31 vulnerabilities were discovered, with USD 25,950 awarded in bounties to successful hackers.
Of the 31 vulnerabilities, four were deemed “high severity”, with the remaining 27 listed as “medium/low severity”.
Although only a quarter of the 300 participants were Singaporeans, local hackers made up seven out of the top ten hackers. The top performer was @spaceraccoon, a 24-year old Singaporean who discovered nine vulnerabilities for a total of USD 8,500 in bounty payouts.
The VDP is an integral part of the government’s push toward its Smart Nation initiative. With systems going online for greater convenience, efficiency and ease of use, abuses have resulted in the personal data of citizens being compromised by security loopholes.
A third government-initiated BBP will be held in November 2019 to further