The Ministry of Defence (MINDEF) will be conducting its second Bug Bounty Programme (BBP) from 30 September to 21 October 2019. White hat hackers[1] from around the world have been invited to test major Internet-facing systems and websites belonging to MINDEF/Singapore Armed Forces (SAF) and other agencies in the defence sector for vulnerabilities (or “bugs”), and will receive rewards (or “bounties”) for doing so. The second BBP will cover 11 selected Internet-facing systems and websites, up from eight in the inaugural MINDEF BBP in 2018, with an added focus on personal data protection.
The bounties range from US$150 to US$10,000, depending on the severity of the discovered vulnerability. Additional bounties will be awarded for the discovery of vulnerabilities that could result in the loss of personal data.
The Defence Cyber Organisation[2] has again, engaged HackerOne, the world’s largest community of cybersecurity researchers and white hat hackers, to run this second BBP. HackerOne has invited 400 white hat hackers to take part this time. To generate local interest and groom local talents, 200 of the 400 invited are local white hat hackers. This is twice the number of local white hat hackers compared to 2018.
The inaugural MINDEF BBP involved 264 white hat hackers. A total of 35 bugs were uncovered and a total bounty of US$14,750 was paid out. The conduct of the second MINDEF BBP is part of MINDEF’s continued commitment to work with the cybersecurity community and industry to strengthen MINDEF/SAF cyber systems and safeguard personal data under the Ministry’s charge.
[1] White hat hackers are computer security specialists who break into protected systems and networks to test and assess their security. These hackers use their skills to improve security by exposing vulnerabilities before malicious hackers (or “black hat hackers”) can detect and exploit them.
[2] The Defence Cyber Organisation (DCO) was established by MINDEF in 2017 to lead and coordinate cyber defence efforts across the defence sector. Apart from the MINDEF BBP, DCO also drives other initiatives, such as the Cyber NSF Scheme and the cyber competition Cyberthon, to promote interest in cybersecurity amongst the youth.