The Singapore Authorities has introduced a brand new short-term bug bounty program to for exterior hackers to seek out vulnerabilities in 9 key government-run web sites.
The bug bounty is being overseen by the Authorities Expertise Company of Singapore (GovTech) and the Cyber Safety Company of Singapore (CSA).
The three week bug looking program is proscribed to internet-facing methods and can give attention to 9 widely-used methods, together with the GovTech-run SingPass and MyInfo web sites for transacting with authorities companies on-line; the Singapore Land Authority’s OneMap web site and and cell app; and the Financial Authority of Singapore’s MASNET and MAS company web sites utilized by monetary establishments.
Others embrace the Ministry of Training’s Dad and mom Gateway; and the Ministry of Manpower’s SGWorkPass cell and CheckWorkPass Standing e-Service.
Singapore kicked off its first authorities three week bug bounty in December 2018, providing pre-selected researchers awards of as much as $10,000 per bug. This system helped resolve 26 bugs and complete rewards to researchers of just below $12,000.
Singapore’s Ministry of Defence (MINDEF) had run separate bug bounty in in early 2018 that produced 35 legitimate bug stories and a prime particular person prize of $2,000.
As with the earlier GovTech and CSA bug bounty applications, this new program can be managed by third-party bug bounty agency, HackerOne. Rewards vary between US$250 to US$10,000. This system will run from July to August 2019, and GovTech intends to announce key findings in September 2019.
HackerOne boasts that apart from the Singapore Authorities, others nations’ companies utilizing it for bug bounties embrace the U.S. Division of Protection, U.S. Basic Service Administration, the UK’s NCSC, and the European Fee, which has an ongoing EU-FOSSA program focusing on open supply program.
One beneficiary of the EC’s bug bounty was the challenge behind fashionable VLC media participant, which in June launched its greatest safety replace ever. However key VLC builders have been left with combined emotions about this system as a result of it attracted each scammers and really technically competent hackers who helped it resolve safety bugs.