White hat hackers could get a big payday as the Government Technology Agency (GovTech) of Singapore launched its Vulnerability Rewards Programme (VRP), which will offer a bounty of up to US$150,000 (approximately S$201,800) for the discovery of vulnerabilities in critical government systems. This is an expansion of the country's existing Government Bug Bounty Programme and Vulnerability Disclosure Programme, making the VRP the third crowdsourced vulnerability discovery initiative by the agency.
The amount of money hackers will receive will depend on the severity of the vulnerabilities found. GovTech said that participants could get US$250 to US$5,000 (approximately S$336 to S$6728) for their work and that as much as US$150,000 will be given for the detection of vulnerabilities that could greatly affect selected systems and data.
The hackers will assess three systems: Singpass and Corppass from GovTech, the Ministry of Manpower (MOM) and Central Provident Fund Board's member e-Services as well as MOM's Workpass Integrated System 2. GovTech stated that more Information and Communication Technology (ICT) systems will be added to the programme.
Since the aforementioned systems play a big role in the delivery of Singapore's essential digital government services, the selection process for participants will be strict. Bug bounty firm HackerOne will screen the applicants and those who make the cut will then carry out security testing through a virtual private network (VPN) gateway prepared by the company. This will ensure that the hackers are following the programme's Rules of Engagement (ROE). Participants who break the ROE will have their access to the VPN revoked.
Lim Bee Kwan, Assistant Chief Executive for Governance and Cybersecurity, said that the country's bug bounty programme helped pinpoint several government vulnerabilities.
"Since the launch of our first crowdsourced vulnerability discovery programme in 2018, we have partnered with over 1,000 highly skilled white hat hackers to discover about 500 valid vulnerabilities. The new Vulnerability Rewards Programme will allow the government to further tap the global pool of cybersecurity talents to put our critical systems to the test, keeping citizens' data secured to build a safe and secure Smart Nation," said Lim.
GovTech stated that the programme shows the Singaporean government's commitment to securing critical ICT systems and personal data.
Written by Sophia Lopez