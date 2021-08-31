SINGAPORE: A new crowdsourcing programme that rewards white hat hackers who discover vulnerabilities has been launched, the Government Technology Agency of Singapore (GovTech) said in a media release on Tuesday (Aug 31).

The Vulnerability Rewards Programme will start with three systems, the agency said: GovTech's SingPass and CorpPass; the Ministry of Manpower (MOM) and Central Provident Fund's member e-services; and MOM's Workpass Integrated System.

More systems will be added to the programme progressively, GovTech said.

Only white hat hackers who have met "strict criteria" will be allowed to participate, the agency added, as the systems involved are critical to delivering essential Government services.



Checks will be conducted by US-based bug bounty company, HackerOne.

Rewards for vulnerabilities found can range from US$250 to US$5,000 depending on its severity, GovTech said.

A special bounty of up to US$150,000 is also offered for the discovery of vulnerabilities that could cause "exceptional" impact on selected systems and data.

Selected systems under the new rewards programme have categories outlining the consequences that qualify as exceptional impact. The categories will apply only to the respective systems and white hat hackers will be informed of the categories after they have registered.

"The special bounty is benchmarked against crowdsourced vulnerability programmes conducted by global technology firms such as Google and Microsoft," said GovTech in the media release.