Singapore gov’t squashes 33 bugs in bounty project

The Government Technology Agency of Singapore through its third HackerOne bug bounty programme resolved 33 security weaknesses and awarded the global hacker community over US$30,800 for helping achieve a more secure and resilient smart nation.

The bounty program, supported by the Cyber Security Agency of Singapore, is part of the Singapore government’s ongoing initiative to improve the lives of citizens and increase business opportunities through the adoption of digital and smart technologies.

Nearly 300 white hat hackers from around the world participated in GovTech’s third bug bounty program from November 18 to December 8, 2019, testing 13 public government information and communication technology (ICT) systems, digital services and mobile applications with high end user touchpoints.

Hackers discovered a total of 33 valid security vulnerabilities and earned US$30,800 in bounties, financial incentives awarded for submitting valid security vulnerabilities. Hackers from across the globe participated, including 72 local Singaporean hackers. 

Eugene Lim, a 24-year-old better known as @spaceraccoon, remained as the top hacker on the program, with local Singaporean hackers Samuel Eng (@samengmg) and Nicholas Lim (@kactros_n ) completing the top three positions.

Hacker-powered security continues to be a core tenet in GovTech’s approach to cybersecurity, with three bug bounty programs successfully completed to date with HackerOne continues to be selected to manage GovTech’s bug bounty programmes because of its track record, including its work with the US Department of Defense and the European Commission. HackerOne has the largest global ethical hacker community — over 600,000 strong representing 170 countries around the world.

Last month, the Singapore Government announced a budget commitment of S$1 billion over the next three years to help shore up the government’s cyber and data security capabilities. The Cyber Security Advisory Panel of the Monetary Authority of Singapore last year also recommended financial institutions adopt bug bounty programs as part of their cyber testing.  

To meet the growing demand for hacker-powered security solutions in the region, HackerOne opened an office in Singapore last year. This expansion has led to additional customer programs with government, enterprise and technology organisations including GovTech, Toyota, Tencent Security Response Center, LINE, Nintendo, Singapore’s MINDEF, Grab, Alibaba, and mobile technology manufacturers OPPO and OnePlus.