HackerOne is a bug bounty and vulnerability coordination platform, headquartered in San Francisco, California. In their recent press release they have announced the launch of Vulnerability Disclosure Program (VDP) on their platform. This program will be launched in partnership with Government Technology Agency (GovTech). The program will invite hackers among public to identify and report the vulnerabilities in internet-facing mobile and web-based applications of the government. VDP is the second initiative launched by GovTech in partnership with HackerOne.
In a recent event, Bug Bounty Programme (BBP), HackerOne collaborated with Singapore's Ministry of Defense (MINDEF). The BBP invited nearly 300 white hat hackers to discover vulnerabilities in nine public government information and communication technology (ICT) systems and digital services. These exchanges were for monetary rewards known as bounties. In this program the hacker community discovered thirty one vulnerabilities to receive bounties $25,950 for successful findings. Among all those findings, 27 were considered medium/low severity and four were considered high severity. Of all the hackers who participated in the BBP, about a quarter were Singaporeans. In addition to that the top 10 hackers to earn bounties 7 were Singaporeans.
Singapore Government has commitment to collaborate with the cybersecurity community through VDP to build a secure and resilient smart nation. In November 2019, GovTech is geared up to host its third government BBP to enhance and strengthen the cybersecurity of government systems.
Fifi Handayani, Program Manager of MINDEF at HackerOne, said that in the Asia Pacific region, Singapore Government has been leading in the adoption of hacker-powered security solutions. Their initiatives towards hacker-powered security illustrated the understanding of the value they have seen from maximizing hacker engagement to reduce cybersecurity risks.
In February, MINDEF officially announced the two new cyber expert schemes, one, to hire 300 specialists trained with cyber defense skillset and other to open a new Cyber Defense School (CDS). This is a part of an effort to protect its networks from outside attack.