
Singapore MINDEF's Bug Bounty Challenge nets 32 vulnerabilities in three weeks

22 Feb 2018

The Singapore Ministry of Defence (MINDEF) handed out more than US$14,000 in bounties to 17 hackers who participated in the first MINDEF Bug Bounty Challenge, which concluded earlier this month.

264 ethical hackers from across the globe participated in the challenge, which enabled MINDEF to resolve 35 vulnerabilities in just three weeks.

“The global representation of hackers in the MINDEF Bug Bounty Challenge shows the overwhelming appetite from the hacker community to help governments operate more securely,” comments HackerOne cofounder and CTO Alex Rice.

Hackers were asked to penetrate three defence systems including the Ministry’s public website, NS Portal and Defence Mail.

The 35 vulnerability reports comprised 23 low, 10 medium, two high and zero critical severity vulnerabilities. No participant found any critical vulnerabilities, and for those that were discovered, the Defence Ministry responded within five hours on average.

The Ministry awarded a total of $14,750 in bounties to 17 hackers. The highest reward was $2000 to a researcher known as Shivadagger.

“Due to the fast-changing cybersecurity landscape, no agency can single-handedly keep up with the identification and plugging of security gaps by itself. Inviting white hat hackers to test our systems allowed MINDEF to find previously unidentified vulnerabilities quickly, and effectively strengthen the security of our defence systems,” says MINDEF’s defence cyber chief and deputy director of special projects, David Koh.

“The success of the program helped us boost our cybersecurity in a matter of weeks,” Koh continues.

He believes the program allowed MINDEF to leverage a global talent pool of hackers to create more secure systems.

The MINDEF Bug Bounty Challenge was the first crowdsourced security initiative run by the Ministry. It claims the program is also the first of its kind by a government agency in Asia.

“The Singapore Ministry of Defence must be applauded for being one of the first few government agencies, and the first in Asia, to embrace such a forward-thinking approach to security. MINDEF’s program signals further momentum for government agency collaboration with the hacker community,” Rice adds.

Bug Bounty participants hailed from Singapore, India, Pakistan, the US, Romania, Canada, Russia, Sweden, Ireland and Egypt.

The United States Department of Defense, the US General Services Administration and the European Commission have also called on ethical hackers to spot vulnerabilities.

Enterprises such as Google Play, Nintendo, Qualcomm, GitHub, the CERT Solution Center and Starbucks have also conducted their own bug bounties.

According to HackerOne, its customers have resolved more than 63,000 vulnerabilities and awarded over $25M in bug bounties. More than 1000 organisations have used HackerOne services to discover critical software vulnerabilities.
