The Ministry of Defence (MINDEF)'s Defence Cyber Chief, Mr David Koh, announced the results for the inaugural MINDEF Bug Bounty Programme today.
At a media brief, Mr Koh emphasised the increasing risk of cyber threats and highlighted that MINDEF was an attractive target for malicious cyber activity. To strengthen Singapore's defence networks and systems, MINDEF embarked on the Bug Bounty Programme, which commenced on 15 January 2018 and successfully concluded on 4 February 2018. The programme was facilitated by HackerOne, a reputable international bug bounty company.
A total of 264 white-hat hackers from around the world participated in the programme, of which 100 were from the local white hat community and 164 - inclusive of 57 of the top 100 ranked white hats in HackerOne's network - were from HackerOne's international network of white-hat hackers. There were 97 vulnerability reports submitted from 34 participants, with 35 reports deemed valid. This resulted in a total bounty payout of US$14,750.
Commenting on the results, Mr Koh noted that the programme had been successful and effective in strengthening Singapore's defence networks and systems. He said, "It is not possible to achieve 100% security, with complex computer programmes and the way coding is done. New vulnerabilities are being discovered every day; and you can get a sense of this from the regular patches and updates we get on our home computers. The bug bounty programme allowed MINDEF to tap on a global talent pool of white-hat hackers, who then were able to test our systems and find new vulnerabilities that we were not aware of. As a result, our internet-facing systems are now more secure." Agreeing, Co-founder and Chief Technology Officer of HackerOne, Mr Alex Rice, said, "The Singapore Ministry of Defence must be applauded for being one of the first few government agencies, and the first in Asia, to embrace such a forward-thinking approach to security. MINDEF's programme signals further momentum for government agency collaboration with the hacker community."
MINDEF takes a serious view of cyber threats and the security of its systems. The nature of modern computer software and systems is that they are not able to be fully secured, and new vulnerabilities are discovered every day. MINDEF will continue to explore other methods to evolve and improve our defences against cyber threats.