Singapore Launches its Third Vulnerability Discovery Program

Singapore has announced that its agency GovTech has launched a Vulnerability Discovery Program to offer continuous reporting and seasonal in-depth testing capabilities that will tap the larger Singapore community.

"While members of the public can report suspected vulnerabilities on all Internet-facing systems through the VDP, the GBBP and VRP are only open to ‘white hat’ hackers – or ethical hackers – for testing due to the higher-value systems involved," said the GovTech blog post.

The new Vulnerability Discovery Program will offer rewards ranging from $250 to $5,000. The agency will also offer the special bounty of up to $150,000 that can cause "exceptional impact on selected systems and data."

This program with GovTech will first cover three systems: Singpass and Corppass (GovTech); Member e-Services (Ministry of Manpower – Central Provident Fund Board); and Workpass Integrated System 2 (Ministry of Manpower). More critical ICT systems will be progressively added to the program.

Ms Lim Bee Kwan, Assistant Chief Executive for Governance and Cybersecurity, GovTech, said, "Since the launch of our first crowdsourced vulnerability discovery programme in 2018, we have partnered with over 1,000 highly skilled white hat hackers to discover about 500 valid vulnerabilities. The new Vulnerability Rewards Programme will allow the Government to further tap the global pool of cybersecurity talents to put our critical systems to the test, keeping citizens’ data secured to build a safe and secure Smart Nation."