The Singapore Authorities has introduced a brand new short-term bug bounty program to for exterior hackers to search out vulnerabilities in 9 key government-run web sites.
The bug bounty is being overseen by the Authorities Know-how Company of Singapore (GovTech) and the Cyber Safety Company of Singapore (CSA).
The three week bug looking program is restricted to internet-facing techniques and can deal with 9 widely-used techniques, together with the GovTech-run SingPass and MyInfo web sites for transacting with authorities businesses on-line; the Singapore Land Authority’s OneMap web site and and cell app; and the Financial Authority of Singapore’s MASNET and MAS company web sites utilized by monetary establishments.
Others embrace the Ministry of Training’s Dad and mom Gateway; and the Ministry of Manpower’s SGWorkPass cell and CheckWorkPass Standing e-Service.
Singapore kicked off its first authorities three week bug bounty in December 2018, providing pre-selected researchers awards of as much as $10,000 per bug. This system helped resolve 26 bugs and complete rewards to researchers of just below $12,000.
Singapore’s Ministry of Defence (MINDEF) had run separate bug bounty in in early 2018 that produced 35 legitimate bug reviews and a high particular person prize of $2,000.
As with the earlier GovTech and CSA bug bounty applications, this new program shall be managed by third-party bug bounty agency, HackerOne. Rewards vary between US$250 to US$10,000. This system will run from July to August 2019, and GovTech intends to announce key findings in September 2019.
HackerOne boasts that in addition to the Singapore Authorities, others nations’ businesses utilizing it for bug bounties embrace the U.S. Division of Protection, U.S. Common Service Administration, the UK’s NCSC, and the European Fee, which has an ongoing EU-FOSSA program focusing on open supply program.
One beneficiary of the EC’s bug bounty was the challenge behind fashionable VLC media participant, which in June launched its greatest safety replace ever. However key VLC builders had been left with combined emotions about this system as a result of it attracted each scammers and truly technically competent hackers who helped it resolve safety bugs.