MINDEF Holds Second Bug Bounty Programme To Strengthen Cyber Defence

The Ministry of Defence (MINDEF) will be conducting its second Bug Bounty Programme (BBP) from 30 September to 21 October 2019. White hat hackers^[1] from around the world have been invited to test major Internet-facing systems and websites belonging to MINDEF/Singapore Armed Forces (SAF) and other agencies in the defence sector for vulnerabilities (or “bugs”), and will receive rewards (or “bounties”) for doing so. The second BBP will cover 11 selected Internet-facing systems and websites, up from eight in the inaugural MINDEF BBP in 2018, with an added focus on personal data protection.

The bounties range from US$150 to US$10,000, depending on the severity of the discovered vulnerability. Additional bounties will be awarded for the discovery of vulnerabilities that could result in the loss of personal data.

The Defence Cyber Organisation^[2] has again, engaged HackerOne, the world’s largest community of cybersecurity researchers and white hat hackers, to run this second BBP. HackerOne has invited 400 white hat hackers to take part this time. To generate local interest and groom local talents, 200 of the 400 invited are local white hat hackers. This is twice the number of local white hat hackers compared to 2018.

The inaugural MINDEF BBP involved 264 white hat hackers. A total of 35 bugs were uncovered and a total bounty of US$14,750 was paid out. The conduct of the second MINDEF BBP is part of MINDEF’s continued commitment to work with the cybersecurity community and industry to strengthen MINDEF/SAF cyber systems and safeguard personal data under the Ministry’s charge.