Defence Networks and Systems Strengthened Through Second Bug Bounty Programme

Defence Networks and Systems Strengthened Through Second Bug Bounty Programme

The Ministry of Defence (MINDEF) has successfully concluded its second Bug Bounty Programme (BBP) that ran from 30 September 2019 to 21 October 2019. The Defence Cyber Organisation[1] had engaged HackerOne, the world's largest community of cybersecurity researchers and white-hat hackers[2], to facilitate the running of the programme. This year's BBP involved 11 selected Internet-facing systems and websites, up from eight in the inaugural MINDEF BBP in 2018, with an added focus on personal data protection.

A total of 305 white-hat hackers from around the world, comprising 134 local and 171 international white-hat hackers, participated in this year's BBP. Of the 52 vulnerability ("bug") reports submitted, 20 were deemed valid, resulting in a total bounty payout of US$16,000.

Commenting on the results, Defence Cyber Chief Brigadier-General (BG) Mark Tan said that the BBP has been effective in strengthening Singapore's defence networks and systems. He said, "The cybersecurity landscape is a fast-changing and evolving field. Cyber threat actors will always try to find new ways to attack the defence networks and military systems belonging to MINDEF and the Singapore Armed Forces. The second MINDEF Bug Bounty Programme is part of MINDEF's continued commitment to work with industry and the cybersecurity community to strengthen our defences against increasingly sophisticated attacks, and safeguard personal data under the Ministry's charge. We are glad to see the participation of so many international and local white-hat hackers, and hope that it will generate a vibrant cybersecurity eco-system in Singapore where citizens play an active role in helping to secure our national networks and systems."

A Bug Bounty Appreciation Event was held earlier today where BG Tan presented a total of seven awards to top performing local white-hat participants. The overall top-performing white-hat hacker is Mr Eugene Lim Zhi Wei, who is currently serving his full-time National Service. Mr Lim uncovered eight unique vulnerabilities and was presented the 'Top Bug Hunter' and the 'First Reported Bug' awards.

MINDEF takes a serious view of cyber threats and the security of its systems, and will continue to explore methods like the BBP to evolve and improve our defences against cyber threats.


[1] The Defence Cyber Organisation (DCO) was established by MINDEF in 2017 to lead and coordinate cyber defence efforts across the defence sector. Apart from the MINDEF BBP, DCO also drives other initiatives, such as the Cyber NSF Scheme and the cyber competition Cyberthon, to promote interest in cybersecurity amongst the youth.

[2]  White-hat hackers are computer security specialists who break into protected systems and networks to test and assess their security. These hackers use their skills to improve security by exposing vulnerabilities before malicious hackers (or "black hat hackers") can detect and exploit them.

Suggested Articles