Singapore Ministry of Defense Kicks-off Second Bug Bounty Program

• Four hundred white-hat hackers from the HackerOne global community will join to uncover vulnerabilities in 11 internet-facing systems and websites.
• Bounties range from $150 to $10,000.

What’s happening in Singapore

Despite the best efforts of security teams in large organizations, critical vulnerabilities can still manage to fly under the radar every now and then. This creates the need for leveraging external expertise to find security

Everyone from Fortune 500 companies to government agencies is embracing the positive power of hacking for good. In a similar initiative with HackerOne—one of the leading hacker-powered pen-testing and bug bounty platform, the Ministry of Defence, Singapore (MINDEF) has today started its second bug bounty program.

Four hundred white-hat hackers, from around the world, will test 11 government-owned targets, including websites and public digital systems belonging to MINDEF, Singapore Armed Forces (SAF), and other agencies in the defense sector.

“We want to applaud MINDEF for being one of the first few government agencies to embrace such a forward-thinking approach to security,” said Fifi Handayani, MINDEF’s Program Manager at HackerOne. “MINDEF’s continued investment in hacker-powered security exemplifies the value governments and companies see from partnering with the hacker community to reduce risks.”

Hackers will have to check the systems for security weaknesses and other vulnerabilities in the network. This year’s bug bounty challenge also has an added focus on personal data protection.

Last year, HackerOne’s first successful bug bounty challenge with MINDEF in 2018 had resulted in 35 safely resolved security weaknesses. A total bounty of $14,750 was awarded to the participants.

Program details

• Reward up for grabs: $150 to $10,000 (based on the severity of the vulnerabilities discovered)
• Duration of the event: From September 30 - October 21, 2019

Bounty programs are popular

Earlier in Aug, the U.S. Air Force had concluded a successful three-month pilot program with Bugcrowd where researchers and bug hunters and discovered 54 vulnerabilities within the CCE over the period. Air Force bug bounty program now eyes expansion and wish to include more system to check for vulnerabilities.

Today, there are several major online platforms and organizations from the software industry that frequently conduct bug bounty programs. Five such large companies that use bug bounty programs include Google, Facebook, PayPal, Netflix, and Apple.

The prevalence of bug bounty programs has also led to the rise of millionaire bounty hunters.