The Singapore government is growing its bug bounty programme to permit which white hat hackers to generate up to $5,000 for vulnerabilities they report by way of HackerOne.
The Federal government Technology Company (GovTech) has released a new Vulnerability Rewards Programme (VRP) as element of its Federal government Bug Bounty Programme (GBBP) and Vulnerability Disclosure Programme (VDP) which it suggests will health supplement its suite of cyber security capabilities.
The VRP aims to repeatedly take a look at a broader variety of critical ICT programs essential for the ongoing delivery of vital services in the country’s electronic overall economy, the federal government said.
The programme provides monetary benefits ranging from $250 to $5,000 to white hat hackers dependent on the severity of vulnerabilities uncovered. It is also featuring a specific bounty of $150,000 for the discovery of vulnerabilities that could result in “exceptional impression on picked units and data”, which is benchmarked versus other bounty programmes executed by global tech firms like Google and Microsoft.
“Since the start of our 1st crowdsourced vulnerability discovery programme in 2018, we have partnered with above 1,000 very experienced white hat hackers to find out about 500 valid vulnerabilities,” reported Lim Bee Kwan, assistant chief government for governance and cybersecurity at GovTech.
“The new Vulnerability Rewards Programme will allow the Federal government to further more tap the worldwide pool of cybersecurity talents to set our critical methods to the take a look at, maintaining citizens’ information secured to establish a risk-free and secure Good Nation.”
Presently, the programme will cover three programs, Singpass and Corppass (GovTech), Member e-solutions (Ministry of Manpower), and Workpass Built-in Program 2 (Ministry of Manpower), with much more critical ICT systems set to be included to the programme in the foreseeable future.
The government explained that only white hat hackers who have met demanding conditions will be authorized to take part, as “these are devices that are critical to the delivery of vital government services”. The checks will be carried out by HackerOne and registered contributors will have out security screening via a VPN, which will also be provided by the bug bounty organization.
Some parts of this posting are sourced from: