Government Technology Agency Launches Vulnerability Disclosure Programme with HackerOne Following Successful Bug Bounty Programmes

Thirty one vulnerabilities were surfaced and remediated thanks to hackers in second Government Bug Bounty Programme

SINGAPORE--(October 1, 2019) -HackerOne, the number one hacker-powered pentesting and bug bounty platform, Singapore’s Government Technology Agency (GovTech) and Cyber Security Agency of Singapore (CSA) today announced the results of its second Government Bug Bounty Programme (BBP). At the same time, GovTech is launching a Vulnerability Disclosure Programme (VDP) on the HackerOne platform, inviting members of the public to identify and report the discovery of vulnerabilities found in all government internet-facing web-based and mobile applications. More information on VDP can be found here. The VDP will be the second initiative that GovTech has launched in partnership with HackerOne.

Nearly 300 white hat hackers from around the world participated in the second Government BBP, helping to discover vulnerabilities in nine public government Information and Communication Technology (ICT) systems and digital services with high user touch points from July 8 to July 28, 2019 in exchange for monetary rewards also known as bounties. Thirty one vulnerabilities were discovered and $25,950 were paid out in bounties for successful findings. Of the vulnerabilities reported through the GBBP on HackerOne, four were considered “high severity” and the remaining 27 were “medium/low severity”.

About a quarter of the hackers were Singaporeans, 30 of which had participated in the first GBBP, and seven out of the top 10 hackers who earned bounties were Singaporeans. The top hacker was “@spaceraccoon”, a 24-year old Singaporean who found nine vulnerabilities and was awarded $8,500.

The VDP is a part of the Singapore Government’s ongoing commitment to collaborate with the cybersecurity community to build a secure and resilient Smart Nation. In addition to the VDP, GovTech will conduct a third government BBP in November 2019 to continue to strengthen and enhance the cybersecurity of government systems and applications.

“The Singapore Government has been a leader in their adoption of hacker-powered security solutions within the Asia Pacific region, and we are honored to be a part of this journey,” said Fifi Handayani, GovTech’s Program Manager at HackerOne. “Their implementation of both ongoing and time-bound hacker-powered security initiatives demonstrates the maturity of their cybersecurity program and the value they have seen from maximising hacker engagement to reduce risk.”

For more information on the VDP policies, please visit