GovTech Singapore Resolved 26 Security Weaknesses and Awarded Global Hacker Community Over US$11,000 for Contributing to a More Secure and Resilient Smart Nation
HackerOne, Singapore’s Government Technology Agency(GovTech) and Cyber Security Agency of Singapore(CSA) have announced the successful conclusion of the latest Government Bug Bounty Programme (GBBP), part of the Singapore Government’s ongoing initiative to build a secure and resilient Smart Nation. During the three week hacking challenge, more than 400 hackers globally were invited to look for security weaknesses in the Singapore Government’s digital assets. As a result, hackers earned US$11,750 in exchange for reporting 26 valid security weaknesses to GovTech so they could be safely fixed. Through their bug bounty programme Singapore is improving the security of its internet-facing government systems with help from hackers.
The GBBP ran from 27 December 2018 to 16 January 2019 and welcomed 400 ethical hackers to test five internet-facing government systems. Of the 26 valid vulnerabilities reported through the GBBP on HackerOne, seven were considered low severity, 18 were medium severity, and one was high severity. One-quarter of all participating hackers and seven out of the top 10 hackers who earned bounties were from Singapore. Following these successful programs, GovTech and CSA plan to expand the next edition of the GBBP to include more Government internet-connected systems and websites.
“National security cannot exist without cybersecurity,” said Marten Mickos, CEO of HackerOne. “The Singapore Government has fully realized this. They are governmental pioneers in safeguarding vital internet connected systems with the help of an army of over 300,000 ethical hackers. They realize that bug bounty programs allow us to bring the best minds together to counter the risks of today’s cyber environment.”
This is the Singapore government’s second successful bug bounty programme with industry leader HackerOne, following the first bug bounty programme by the Singapore Ministry of Defence (MINDEF). By bringing together a community of cyber defenders who share the common goal of developing a safe and resilient cyberspace, the GBBP builds collective ownership over the cybersecurity of Government systems and websites, which is vital to achieve Singapore’s Smart Nation goals.
HackerOne was selected to manage the bug bounty programme because of its largest credentialled global ethical hacker community and proven results with MINDEF and proven track record of success with governments globally. GovTech and MINDEF join government agencies like the U.S. Department of Defense, U.S. General Service Administration, and the European Commission who partner with HackerOne to find their critical security vulnerabilities with help from the global hacker community.
About Government Technology Agency
The Government Technology Agency of Singapore (GovTech) is the lead agency driving Singapore’s Smart Nation initiative and public sector digital transformation. As the Centre of Excellence for Infocomm Technology and Smart Systems (ICT & SS), GovTech develops the Singapore Government’s capabilities in Data Science & Artificial Intelligence, Application Development, Sensors & IoT, Digital Infrastructure, and Cybersecurity. GovTech supports public agencies to manage enterprise IT operations and develop new digital products for citizens and businesses. GovTech is the public sector lead for cybersecurity, and oversees key government ICT infrastructure, as well as regulates ICT procurement, data protection and security in the public sector. GovTech is a Statutory Board under the Smart Nation and Digital Government Group (SNDGG) in the Prime Minister’s Office. For more information, please visit www.tech.gov.sg.
About the Cyber Security Agency of Singapore
The Cyber Security Agency of Singapore (CSA) provides dedicated and centralised oversight of national cybersecurity functions, and works with sector leads to protect Singapore’s critical services. It also engages with various industries, and stakeholders to heighten cybersecurity awareness as well as to ensure the holistic development of Singapore’s cyber security landscape. The Agency is part of the Prime Minister’s Office and is managed by the Ministry of Communications and Information. For more information, please visit www.csa.gov.sg.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be exploited. More Fortune 500 and Forbes Global 1000 companies trust HackerOne than any other hacker-powered security alternative. The U.S. Department of Defense, General Motors, Google, Twitter, GitHub, Nintendo, Lufthansa, Panasonic Avionics, Qualcomm, Starbucks, Dropbox, Intel, the CERT Coordination Center and over 1,200 other organizations have partnered with HackerOne to find over 100,000 vulnerabilities and award over US$47M in bug bounties. HackerOne is headquartered in San Francisco with offices in London, New York, the Netherlands, and Singapore.