HackerOne, Singapore’s Government Technology Agency (GovTech) and Cyber Security Agency of Singapore (CSA) have announced the successful conclusion of the latest Government Bug Bounty Programme (GBBP), part of the Singapore Government’s ongoing initiative to build a secure and resilient Smart Nation. During the three week hacking challenge, more than 400 hackers globally were invited to look for security weaknesses in the Singapore Government’s digital assets. As a result, hackers earned US$11,750 in exchange for reporting 26 valid security weaknesses to GovTech so they could be safely fixed. Through their bug bounty programme Singapore is improving the security of its internet-facing government systems with help from hackers.
The GBBP ran from 27 December 2018 to 16 January 2019 and welcomed 400 ethical hackers to test five internet-facing government systems. Of the 26 valid vulnerabilities reported through the GBBP on HackerOne, seven were considered low severity, 18 were medium severity, and one was high severity. One-quarter of all participating hackers and seven out of the top 10 hackers who earned bounties were from Singapore. Following these successful programs, GovTech and CSA plan to expand the next edition of the GBBP to include more Government internet-connected systems and websites.
“National security cannot exist without cybersecurity,” said Marten Mickos, CEO of HackerOne. “The Singapore Government has fully realized this. They are governmental pioneers in safeguarding vital internet connected systems with the help of an army of over 300,000 ethical hackers. They realize that bug bounty programs allow us to bring the best minds together to counter the risks of today’s cyber environment.”
This is the Singapore government’s second successful bug bounty programme with industry leader HackerOne, following the first bug bounty programme by the Singapore Ministry of Defence (MINDEF). By bringing together a community of cyber defenders who share the common goal of developing a safe and resilient cyberspace, the GBBP builds collective ownership over the cybersecurity of Government systems and websites, which is vital to achieve Singapore’s Smart Nation goals.
HackerOne was selected to manage the bug bounty programme because of its largest credentialled global ethical hacker community and proven results with MINDEF and proven track record of success with governments globally. GovTech and MINDEF join government agencies like the U.S. Department of Defense, U.S. General Service Administration, and the European Commission who partner with HackerOne to find their critical security vulnerabilities with help from the global hacker community.