GovTech Singapore Resolved 33 Security Weaknesses and Awarded Global Hacker Community Over $30,800 for Contributing to a More Secure and Resilient Smart Nation

SINGAPORE -- June 12, 2020 -- HackerOne, the number one hacker-powered security platform, and Singapore’s Government Technology Agency (GovTech), supported by the Cyber Security Agency of Singapore (CSA) today announced the results of its third Government Bug Bounty Programme (GBBP), part of the Singapore Government’s ongoing initiative to build a secure and resilient Smart Nation, a government-wide initiative to improve the lives of citizens and increase business opportunities through the adoption of digital and smart technologies throughout Singapore. 

Nearly 300 white hat hackers from around the world participated in GovTech’s third bug bounty program from November 18 to December 8, 2019, testing 13 public government Information and Communication Technology (ICT) systems, digital services and mobile applications with high end user touchpoints. Hackers discovered a total of 33 valid security vulnerabilities and earned US$30,800 in bounties, financial incentives awarded for submitting valid security vulnerabilities, making this the most successful program to date for the agency. Hackers from across the globe participated, including 72 local Singaporean hackers. Eugene Lim, a 24-year-old better known as @spaceraccoon, remained as the top hacker on the program, with local Singaporean hackers Samuel Eng (@samengmg) and Nicholas Lim (@kactros_n) taking the top 3 positions. 

Hacker-powered security continues to be a core tenet in GovTech’s approach to cybersecurity, with three bug bounty programs successfully completed to date with HackerOne and a recently launched vulnerability disclosure program that allows any ethical hacker in the world to disclose a vulnerability at any time to GovTech. GovTech’s first bug bounty challenge was launched in December 2018 and a second program in July 2019. HackerOne continues to be selected to manage GovTech’s bug bounty programmes because of its proven track record of success with government agencies globally, including its work with the U.S. Department of Defense and the European Commission. HackerOne has the largest global ethical hacker community — over 600,000 strong representing 170 countries around the world.

Our customers have also been investing in growing hacker talent in the region. In the last Bug Bounty Programme run by the Ministry of Defence (MINDEF) Singapore, half of the invited participants were local white-hat hackers, to groom talent and generate interest in white-hat hacking locally.

“The Singapore Government continues to be an industry leader when it comes to cybersecurity,” said Paul Turner, VP of Sales, EMEA and APAC at HackerOne. “Hacker-powered security is the foundation of any mature and proactive security program. By providing an opportunity to engage local as well as global hacker talent, GovTech is not only delivering on its Smart Nations goals, but also enhancing the way it services its citizens in terms of safety, security, and opportunity. Through its close relationships with ethical hackers, the Singapore Government is one step ahead in the ongoing battle against cybercriminals and ensuring that end users are safe online.”

This latest bug bounty challenge occurs against the backdrop of an evolution in cybersecurity, where everyone from government agencies to Fortune 500 companies are embracing the positive power of ethical hackers. Policymakers across the globe are recommending hacker-powered security, with some even introducing legislation to encourage and even require adoption. Just last month, the Singapore Government announced a budget commitment of one billion Singaporean dollars (S$1 billion) over the next three years to help shore up the government’s cyber and data security capabilities. The Cyber Security Advisory Panel of the Monetary Authority of Singapore last year also recommended financial institutions adopt bug bounty programs as part of their cyber testing. 

The adoption of hacker-powered security is growing in the Asia Pacific region with the number of hacker-powered security programs increasing by 30% in 2019 according to platform data in HackerOne’s 2019 Hacker-Powered Security Report. Organizations in Singapore awarded hackers nearly $390,000 in bug bounties the same year, the highest volume in the Asia Pacific region, explained HackerOne’s 2020 Hacker Report released earlier this year.

To meet the growing demand for hacker-powered security solutions in the region, HackerOne opened an office in Singapore last year. This expansion has led to additional customer programs with government, enterprise and technology organizations including GovTech, Toyota, Tencent Security Response Center, LINE, Nintendo, MINDEF Singapore, Grab, Alibaba, and mobile technology manufacturers OPPO and OnePlus. 

To learn more about bug bounty programs, please visit here

About HackerOne
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be exploited. More Fortune 500 and Forbes Global 1000 companies trust HackerOne than any other hacker-powered security alternative. With more than 1,900 customer programs, including The U.S. Department of Defense, General Motors, Google, Goldman Sachs, PayPal, Hyatt, Twitter, GitHub, Nintendo, Lufthansa, Microsoft, MINDEF Singapore, Panasonic Avionics, Qualcomm, Starbucks, Dropbox, and Intel, HackerOne has helped to find over 170,000 vulnerabilities and award more than $100M in bug bounties to a growing community of over 700,000 hackers. HackerOne is headquartered in San Francisco with offices in London, New York, the Netherlands, France and Singapore.