Home Governance Singapore Government Patches 31 vulnerabilities found by Ethical Hackers

Singapore Government Patches 31 vulnerabilities found by Ethical Hackers

Cybersecurity Singapore

The Government of Singapore announced that it has rectified 31 vulnerabilities in its network systems that were found by ethical hackers in the Government Bug Bounty Program (BBP). The bug bounty program was organized by the Government Technology Agency (GovTech) and Cyber Security Agency (CSA) in partnership with HackerOne, a popular bug bounty platform.

HackerOne helps organizations find and fix the potential vulnerabilities before they can be exploited by cybercriminals. The new bug bounty program is part of the Singapore government’s ongoing commitment to protect its citizens and secure government network systems. The hacking challenge will offer a monetary reward to the hackers for discovering and reporting potential vulnerabilities.

The Government has paid out S$25,950 in bounties for discovering 31 vulnerabilities, in which four were considered as High Severity and the remaining 27 were considered as medium/low severity.

Also, GovTech launched its new Vulnerability Disclosure Program (VDP) on the HackerOne platform, inviting security pros to identify and report the vulnerabilities. The Singapore government stated the bug bounty program will run over a period to find security flaws in public-facing government network systems and websites.

The VDP is a part of the Singapore Government’s ongoing commitment to collaborate with the cybersecurity community to build a secure and resilient Smart Nation. In addition to the VDP, GovTech will conduct a third government BBP in November 2019 to continue to strengthen and enhance the cybersecurity of government systems and applications.

“The Singapore Government has been a leader in their adoption of hacker-powered security solutions within the Asia Pacific region, and we are honored to be a part of this journey,” said Fifi Handayani, GovTech’s Program Manager at HackerOne. “Their implementation of both ongoing and time-bound hacker-powered security initiatives demonstrate the maturity of their cybersecurity program and the value they have seen from maximizing hacker engagement to reduce risk.”

In related news, the Monetary Authority of Singapore (MAS) announced the launch of S$30 million (US$22 million) cybersecurity capabilities grant.  The new allocation helps Singapore’s financial institutions strengthen their cyber resilience and upskill local talent through cybersecurity-related training programs like security operations, cyber threat surveillance, computer forensics, malware analysis, and cyberthreat hunting.