HackerOne, the number one hacker-powered pentesting and bug bounty platform, Singapore’s Government Technology Agency (GovTech) and Cyber Security Agency of Singapore (CSA) today announced the results of its second Government Bug Bounty Programme (BBP). At the same time, GovTech is launching a Vulnerability Disclosure Programme (VDP) on the HackerOne platform, inviting members of the public to identify and report the discovery of vulnerabilities found in all government internet-facing web-based and mobile applications. More information on VDP can be found here. The VDP will be the second initiative that GovTech has launched in partnership with HackerOne.
Thirty one vulnerabilities were surfaced and remediated thanks to hackers in second Government Bug Bounty Programme
Nearly 300 white hat hackers from around the world participated in the second Government BBP, helping to discover vulnerabilities in nine public government Information and Communication Technology (ICT) systems and digital services with high user touch points from July 8 to July 28, 2019 in exchange for monetary rewards also known as bounties. Thirty one vulnerabilities were discovered and $25,950 were paid out in bounties for successful findings. Of the vulnerabilities reported through the GBBP on HackerOne, four were considered “high severity” and the remaining 27 were “medium/low severity”.
About a quarter of the hackers were Singaporeans, 30 of which had participated in the first GBBP, and seven out of the top 10 hackers who earned bounties were Singaporeans. The top hacker was “@spaceraccoon”, a 24-year old Singaporean who found nine vulnerabilities and was awarded $8,500.
The VDP is a part of the Singapore Government’s ongoing commitment to collaborate with the cybersecurity community to build a secure and resilient Smart Nation. In addition to the VDP, GovTech will conduct a third government BBP in November 2019 to continue to strengthen and enhance the cybersecurity of government systems and applications.
“The Singapore Government has been a leader in their adoption of hacker-powered security solutions within the Asia Pacific region, and we are honored to be a part of this journey,” said Fifi Handayani, GovTech’s Program Manager at HackerOne. “Their implementation of both ongoing and time-bound hacker-powered security initiatives demonstrates the maturity of their cybersecurity program and the value they have seen from maximising hacker engagement to reduce risk.”
For more information on the VDP policies, please visit https://www.tech.gov.sg/report_vulnerability.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be exploited. More Fortune 500 and Forbes Global 1000 companies trust HackerOne than any other hacker-powered security alternative. With over 1,500 customer programs, including The U.S. Department of Defense, General Motors, Google, Goldman Sachs, PayPal, Hyatt, Twitter, GitHub, Nintendo, Lufthansa, Microsoft, MINDEF Singapore, Panasonic Avionics, Qualcomm, Starbucks, Dropbox, Intel, the CERT Coordination Center, HackerOne has helped to find over 130,000 vulnerabilities and award over $67M in bug bounties to a growing community of 500,000 hackers. HackerOne is headquartered in San Francisco with offices in London, New York, the Netherlands, France and Singapore.