GovTech Offers Hackers Up To $200K If They Find Vulnerabilities On Gov Websites

Ethical Hackers Can Get Up To $200K From GovTech If They Spot Website Vulnerabilities

Any website can be vulnerable to security loopholes — even Government-operated ones. That’s likely why the Government Technology Agency (GovTech) has decided to bolster defences by getting help from who else but hackers themselves.

They released a media statement today (31 Aug) about their new Vulnerability Rewards Programme (VRP).

Offering bounties of up to US$150,000 (S$201,585), they’re calling on ‘white hat’ or ethical hackers to spot vulnerabilities in any Government systems.

GovTech offers hackers monetary reward for finding vulnerabilities

GovTech announced their new programme on Tuesday (31 Aug), aimed at helping to test the resilience of critical Government systems.

Together with the existing Government Bug Bounty Programme (GBBP) and Vulnerability Disclosure Programme (VDP), it will help to safeguard the Government’s Infocomm Technology and Smart Systems (ICT&SS).

This time, the appeal is for ethical hackers to help GovTech find vulnerabilities in online Government systems.

Source 

Hackers who successfully do so can earn rewards ranging from US$250 (S$335) to US$5,000 ($6,719).

But vulnerabilities that can cause an exceptional impact on selected systems and data can earn a hacker a special bounty of up to US$150,000 (S$201, 585).

Programme will cover essential Government services first

To test out the programme, it will cover 3 systems:

  1. SingPass and CorpPass under GovTech
  2. Member e-Services under the Ministry of Manpower (MOM) – Central Provident Fund (CPF) Board
  3. Work Pass Integrated System 2 under MOM

These systems are crucial to delivering essential digital Government services.

Source 

Candidates will conduct security testing through a designated virtual private network (VPN) gateway, which HackerOne will provide to ensure that activities are within the permitted Rules of Engagement (ROE).

Should participants breach the ROE, they may lose their VPN access. Doing so will reduce the likelihood of disrupting the integrity of the Government system.

With the programme in place, the Government will be able to gain access to a global pool of cybersecurity talents. From there, they can build a tighter security system to ensure the safety of Singapore’s data.

Building a tighter security system for Singapore

With the new programme in place, hopefully, Singapore will be able to build a tighter security system to prevent hacking incidents.

In the meantime, it is also important for individuals to safeguard their own individual data to ensure their privacy.

Have news you must share? Get in touch with us via email at news@mustsharenews.com.

Featured image adapted from Fatos Bytyqi on Unsplash.

  • More From Author