The Singapore Government has announced a new short-term bug bounty program to for external hackers to find vulnerabilities in nine key government-run websites.The bug bounty is being overseen by the Government Technology Agency of Singapore (GovTech) and the Cyber Security Agency of Singapore (CSA).The three week bug hunting program is limited to internet-facing systems and will focus on nine widely-used systems, including the GovTech-run SingPass and MyInfo websites for transacting with government agencies online; the Singapore Land Authority’s OneMap website and and mobile app; and the Monetary Authority of Singapore’s MASNET and MAS corporate websites used by financial institutions. Others include the Ministry of Education’s Parents Gateway; and the Ministry of Manpower’s SGWorkPass mobile and CheckWorkPass Status e-Service. Singapore kicked off its first government three week bug bounty in December 2018, offering pre-selected researchers awards of up to $10,000 per bug. The program helped resolve 26 bugs and total rewards to researchers of just under $12,000.Singapore’s Ministry of Defence (MINDEF) had run separate bug bounty in in early 2018 that produced 35 valid bug reports and a top individual prize of $2,000. As with the previous GovTech and CSA bug bounty programs, this new program will be managed by third-party bug bounty firm, HackerOne. Rewards range between US$250 to US$10,000. The program will run from July to August 2019, and GovTech intends to announce key findings in September 2019.HackerOne boasts that besides the Singapore Government, others nations’ agencies using it for bug bounties include the U.S. Department of Defense, U.S. General Service Administration, the UK’s NCSC, and the European Commission, which has an ongoing EU-FOSSA program targeting open source program.One beneficiary of the EC’s bug bounty was the project behind popular VLC media player, which in June released its biggest security update ever. But key VLC developers were left with mixed feelings about the program because it attracted both scammers and actually technically competent hackers who helped it resolve security bugs. Related content analysis Cybersicherheitsvorschriften: So erfüllen Sie Ihre Compliance-Anforderungen Für CISOs und ihre Teams bedeutet die Einhaltung von Cybersicherheitsvorschriften eine enorme Herausforderung. Lesen Sie, was dabei helfen kann. By Andreas Müller 23 Aug 2024 6 mins Business Continuity Risk Management news Counting the cost of CrowdStrike: the bug that bit billions Cyber insurance coverage is set to cover only a fraction of the losses, leaving affected businesses to grapple with substantial uncovered expenses. By Shweta Sharma 26 Jul 2024 1 min Business Continuity Endpoint Protection feature CrowdStrike failure: What you need to know A flawed update to CrowdStrike Falcon sent Windows servers and PCs across the globe into an endless reboot cycle that IT organizations are still working to remediate. By CIO staff 23 Jul 2024 7 mins Technology Industry Incident Response Business Continuity feature 5 critical IT policies every organization should have in place From acceptable use policies to remote work guidelines, identifying the rules and procedures for all individuals accessing your organization’s IT resources is an IT security fundamental. By Bob Violino 22 Jul 2024 7 mins Internet Security Disaster Recovery IT Strategy PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe