Skip to main content




Hackers get invite to find holes in Singapore Govt's digital systems in 2nd bug bounty exercise

Five highly used Internet-facing systems and websites such as the REACH and MFA sites will be subject to ethical hackers' scrutiny for a month.

Hackers get invite to find holes in Singapore Govt's digital systems in 2nd bug bounty exercise

A person using a laptop. (File photo: AFP)

SINGAPORE: A second bug bounty programme targeting five Government systems and websites in Singapore is currently underway, according to a joint release by the Government Technology Agency of Singapore (GovTech) and Cyber Security Agency of Singapore (CSA).

Issued on Friday (Dec 21), both agencies said they will partner local and overseas ethical, or white hat, hackers to search for vulnerabilities in these systems in return for rewards.

READ: Singapore start-up catches computer bugs for a living, and wants more to do the same

The five highly used systems are: the website, the REACH website, Ministry of Communications and Information's Press Accreditation Card Online, the Ministry of Foreign Affairs (MFA) website and MFA's eRegister. 

Rewards for vulnerabilities found can range from US$250 to US$10,000 depending on its severity, and reported bugs will be addressed by the relevant organisation, the release said. 

US-based HackerOne is again running the programme for the Government and it will last three weeks. It conducted one for the Ministry of Defence last December, which saw it pay out US$14,750 in bounties to 17 successful hackers who participated.

"The Government Bug Bounty Programme is part of the Singapore Government’s ongoing efforts to build a secure and resilient Smart Nation," GovTech and CSA said. 

"With cyberattacks growing in scale and complexity, the (programme) will help to build an innovative cyber ecosystem, draw in a wide range of expertise to help identify the Government’s cyber blind spots, and benchmark its defences against skilled global hackers."

Key findings from this exercise will be shared next March and such bug bounty programmes will be expanded to includre more Government IT systems in future, they added. 

Source: CNA/kk


Also worth reading